Home > Vulnerability Database > CVE-2022-42310

Mend.io Vulnerability Database

CVE-2022-42310

Date: November 1, 2022

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

Language: C++

Severity Score

5.5

Related Resources (14)

Url: https://security.gentoo.org/glsa/202402-07

Url: https://security-tracker.debian.org/tracker/CVE-2022-42310

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42310

Url: https://xenbits.xenproject.org/xsa/advisory-415.txt

Url: http://www.openwall.com/lists/oss-security/2022/11/01/5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Url: http://xenbits.xen.org/xsa/advisory-415.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Url: https://www.debian.org/security/2022/dsa-5272

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Url: https://www.mend.io/vulnerability-database/CVE-2022-42310

Severity Score

5.5

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42310

Date: November 1, 2022

Language: C++

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?