CVE-2022-42309
HIGHXen - Denial of Service via Xenstore Node Creation Error Path
Title source: llmDescription
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
References (8)
Core 8
Core References
Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-414.html
Patch, Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-414.txt
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/4
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5272
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Scores
CVSS v3
8.8
EPSS
0.0027
EPSS Percentile
18.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-763
Status
published
Products (5)
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
fedoraproject/fedora
37
xen/xen
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026