CVE-2022-42309
HIGH8.8EPSS 0.06%發布日:2022/11/1修改日:2026/4/28
也稱為:ALPINE-CVE-2022-42309DEBIAN-CVE-2022-42309
描述
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
受影響套件(2)
- Alpine/xenfrom 0, < 4.14.5-r6
- Debian/xenfrom 0, < 4.14.5+86-g1c354767d5-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |