Xenstore Vulnerability Exposure in Xen Project by Xen Project
CVE-2022-42320

7HIGH

Key Information:

Vendor

Xen Project
Status
Xen
Vendor
CVE Published:
1 November 2022

What is CVE-2022-42320?

The Xenstore vulnerability allows unauthorized access to Xenstore nodes associated with deleted domains due to improper access control management. When a domain is removed, its associated Xenstore nodes may inadvertently retain access permissions. If another domain is created using the same domain ID (domid), there exists a brief window whereby this new domain could access nodes linked to the previously deleted domain, potentially leading to information exposure. This situation occurs if an established domain writes to the node before the new domain's introduction by dom0, highlighting a critical gap in access rights enforcement that could be exploited.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

xen consult Xen advisory XSA-417

References

https://xenbits.xenproject.org/xsa/advisory-417.txt
http://xenbits.xen.org/xsa/advisory-417.html
http://www.openwall.com/lists/oss-security/2022/11/01/7
mailing-list

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by JĂĽrgen GroĂź of SUSE.'}]}}}
JSON
.