DEBIAN-CVE-2022-42309

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2022-42309

Downstream

DSA-5272-1

Published: 01 Nov 2022, 13:15

Last modified:28 Apr 2026, 20:24

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Nov 2022, 13:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:24

Last Modified

Vulnerability information updated

Description

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Systems

debian•xen
< 4.14.5+86-g1c354767d5-1 | < 4.16.2+90-g0d39a6d1ae-1 | < 4.16.2+90-g0d39a6d1ae-1 | < 4.16.2+90-g0d39a6d1ae-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2022-42309