UBUNTU-CVE-2022-42310

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2022-42310

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42310.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-42310

Related

CVE-2022-42310

Published

2022-11-01T13:15:00Z

Modified

2022-11-01T13:15:00Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

References

Affected packages

Ubuntu:Pro:16.04:LTS / xen

Package

Name: xen

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-0ubuntu1

4.5.1-0ubuntu2

4.6.0-1ubuntu1

4.6.0-1ubuntu2

4.6.0-1ubuntu4

4.6.0-1ubuntu4.1

4.6.0-1ubuntu4.2

4.6.0-1ubuntu4.3

4.6.5-0ubuntu1

4.6.5-0ubuntu1.1

4.6.5-0ubuntu1.2

4.6.5-0ubuntu1.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / xen

Package

Name: xen

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.0-0ubuntu3

4.9.0-0ubuntu4

4.9.2-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / xen

Package

Name: xen

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-0ubuntu2

4.9.2-0ubuntu6

4.9.2-0ubuntu7

4.11.3+24-g14b62ab3e5-1ubuntu1

4.11.3+24-g14b62ab3e5-1ubuntu2

4.11.3+24-g14b62ab3e5-1ubuntu2.2

4.11.3+24-g14b62ab3e5-1ubuntu2.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / xen

Package

Name: xen

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.4+24-gddaaccbbab-1ubuntu2

4.16.0-1~ubuntu2

4.16.0-1~ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / xen

Package

Name: xen

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.17.2-1

4.17.2+55-g0b56bed864-1

4.17.2+76-ge1f9cb16e2-1

4.17.2+76-ge1f9cb16e2-1ubuntu1

4.17.3+10-g091466ba55-1

4.17.3+10-g091466ba55-1.1ubuntu2

4.17.3+10-g091466ba55-1.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}