CVE-2022-42310
MEDIUMXen 4.9.0-4.12.x - Incomplete Cleanup of Orphaned Xenstore Nodes
Title source: llmDescription
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.
References (8)
Core 8
Core References
Patch, Third Party Advisory
http://xenbits.xen.org/xsa/advisory-415.html
Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-415.txt
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/5
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5272
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Scores
CVSS v3
5.5
EPSS
0.0026
EPSS Percentile
17.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-459
Status
published
Products (5)
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
fedoraproject/fedora
37
xen/xen
4.9.0 - 4.13.0
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026