7 CVE-2022-42320

Patch

 

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.
https://nvd.nist.gov/vuln/detail/CVE-2022-42320

Categories

CWE-459 : Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used. Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed. World-readable temporary file not deleted after use. Temporary file not deleted after use, leaking database usernames and passwords. Interaction error creates a temporary file that can not be deleted due to strong permissions. Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak). Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak). Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak). Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak). Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak). Users not logged out when application is restarted after security-relevant changes were made.

References

CONFIRM Patch

DEBIAN

DSA-5272
Third Party Advisory

FEDORA

FEDORA-2022-07438e12df
Mailing List Third Party Advisory
FEDORA-2022-99af00f60e
Mailing List Third Party Advisory
FEDORA-2022-9f51d13fa3
Mailing List Third Party Advisory

MISC Patch

_MLIST


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Patch

Url
http://xenbits.xen.org/xsa/advisory-417.html
https://xenbits.xenproject.org/xsa/advisory-417.txt

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
No known exploits

CAPEC

id description severity
No entry

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution