UBUNTU-CVE-2022-42309

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-42309

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42309.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-42309

Upstream

CVE-2022-42309

Published

2022-11-01T13:15:00Z

Modified

2025-07-14T06:35:09.248288Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- medium

Summary

[none]

Details

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

References

Affected packages

Ubuntu:Pro:16.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.6.5-0ubuntu1.4?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-0ubuntu1

4.5.1-0ubuntu2

4.6.0-1ubuntu1

4.6.0-1ubuntu2

4.6.0-1ubuntu4

4.6.0-1ubuntu4.1

4.6.0-1ubuntu4.2

4.6.0-1ubuntu4.3

4.6.5-0ubuntu1

4.6.5-0ubuntu1.1

4.6.5-0ubuntu1.2

4.6.5-0ubuntu1.4

Ubuntu:Pro:18.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.9.2-0ubuntu1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.0-0ubuntu3

4.9.0-0ubuntu4

4.9.2-0ubuntu1

Ubuntu:Pro:20.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.11.3+24-g14b62ab3e5-1ubuntu2.3?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-0ubuntu2

4.9.2-0ubuntu6

4.9.2-0ubuntu7

4.11.3+24-g14b62ab3e5-1ubuntu1

4.11.3+24-g14b62ab3e5-1ubuntu2

4.11.3+24-g14b62ab3e5-1ubuntu2.2

4.11.3+24-g14b62ab3e5-1ubuntu2.3

Ubuntu:22.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.16.0-1~ubuntu2.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.4+24-gddaaccbbab-1ubuntu2

4.16.0-1~ubuntu2

4.16.0-1~ubuntu2.1

Ubuntu:24.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.17.3+10-g091466ba55-1.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.17.2-1

4.17.2+55-g0b56bed864-1

4.17.2+76-ge1f9cb16e2-1

4.17.2+76-ge1f9cb16e2-1ubuntu1

4.17.3+10-g091466ba55-1

4.17.3+10-g091466ba55-1.1ubuntu2

4.17.3+10-g091466ba55-1.1ubuntu3

Ubuntu:25.04 / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.20.0-1ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.17.3+10-g091466ba55-1.1ubuntu3

4.19.1-1ubuntu3

4.20.0-1ubuntu1