Home > Vulnerability Database > CVE-2022-42325

Mend.io Vulnerability Database

CVE-2022-42325

Date: November 1, 2022

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

Language: C++

Severity Score

5.5

Related Resources (14)

Url: http://xenbits.xen.org/xsa/advisory-421.html

Url: https://security.gentoo.org/glsa/202402-07

Url: https://security-tracker.debian.org/tracker/CVE-2022-42325

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42325

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Url: https://xenbits.xenproject.org/xsa/advisory-421.txt

Url: https://www.debian.org/security/2022/dsa-5272

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Url: http://www.openwall.com/lists/oss-security/2022/11/01/11

Url: https://www.mend.io/vulnerability-database/CVE-2022-42325

Severity Score

5.5

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42325

Date: November 1, 2022

Language: C++

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?