gsd-2022-42320
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-42320", "description": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.", "id": "GSD-2022-42320", "references": [ "https://www.debian.org/security/2022/dsa-5272", "https://www.suse.com/security/cve/CVE-2022-42320.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-42320" ], "details": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.", "id": "GSD-2022-42320", "modified": "2023-12-13T01:19:10.499879Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@xen.org", "ID": "CVE-2022-42320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xen", "version": { "version_data": [ { "version_affected": "?", "version_value": "consult Xen advisory XSA-417" } ] } } ] }, "vendor_name": "Xen" } ] } }, "configuration": { "configuration_data": { "description": { "description_data": [ { "lang": "eng", "value": "All versions of Xen are in principle vulnerable.\n\nOnly systems running the C variant of Xenstore (xenstored or xenstore-\nstubdom) are vulnerable.\n\nSystems using the Ocaml variant of Xenstore (oxenstored) are not vulnerable.\n\nVulnerable systems are only those running software where one domain is\ngranted access to another\u0027s xenstore nodes, without complete cleanup\nof those nodes on domain destruction. No such software is enabled in\ndefault configurations of upstream Xen.\n\nTherefore upstream Xen, without additional management software (in\nhost or guest(s)), is not vulnerable in the default (host and guest)\nconfiguration." } ] } } }, "credit": { "credit_data": { "description": { "description_data": [ { "lang": "eng", "value": "This issue was discovered by J\u00fcrgen Gro\u00df of SUSE." } ] } } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0." } ] }, "impact": { "impact_data": { "description": { "description_data": [ { "lang": "eng", "value": "In some circumstances, it might be possible for a new guest domain to\naccess resources belonging to a previous domain. The impact would\ndepend on the software in use and the configuration, but might include\nany of denial of service, information leak, or privilege escalation." } ] } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unknown" } ] } ] }, "references": { "reference_data": [ { "name": "https://xenbits.xenproject.org/xsa/advisory-417.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-417.txt" }, { "name": "http://xenbits.xen.org/xsa/advisory-417.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-417.html" }, { "name": "[oss-security] 20221101 Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests can get access to Xenstore nodes of deleted domains", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/7" }, { "name": "DSA-5272", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5272" }, { "name": "FEDORA-2022-07438e12df", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/" }, { "name": "FEDORA-2022-99af00f60e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/" }, { "name": "FEDORA-2022-9f51d13fa3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/" }, { "name": "GLSA-202402-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202402-07" } ] }, "workaround": { "workaround_data": { "description": { "description_data": [ { "lang": "eng", "value": "Running oxenstored instead of xenstored will avoid the vulnerability." } ] } } } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0." }, { "lang": "es", "value": "Xenstore: los invitados pueden obtener acceso a los nodos de Xenstore de los dominios eliminados. Los derechos de acceso de los nodos de Xenstore son por domid. Cuando un dominio desaparece, es posible que queden nodos de Xenstore con derechos de acceso que contengan el dominio del dominio eliminado. Normalmente, esto no supone ning\u00fan problema, ya que esas entradas de derechos de acceso se corregir\u00e1n cuando dicho nodo se escriba m\u00e1s adelante. Hay una peque\u00f1a ventana de tiempo cuando se crea un nuevo dominio, donde los derechos de acceso de un dominio anterior con el mismo dominio que el nuevo se considerar\u00e1n todav\u00eda v\u00e1lidos, lo que permitir\u00e1 que el nuevo dominio pueda obtener acceso a un nodo. que estaba destinado a ser accesible por el dominio eliminado. Para que esto suceda, otro dominio debe escribir el nodo antes de que dom0 introduzca el dominio reci\u00e9n creado en Xenstore." } ], "id": "CVE-2022-42320", "lastModified": "2024-02-04T08:15:12.300", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-01T13:15:11.817", "references": [ { "source": "security@xen.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/7" }, { "source": "security@xen.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xenbits.xen.org/xsa/advisory-417.html" }, { "source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/" }, { "source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/" }, { "source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/" }, { "source": "security@xen.org", "url": "https://security.gentoo.org/glsa/202402-07" }, { "source": "security@xen.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5272" }, { "source": "security@xen.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://xenbits.xenproject.org/xsa/advisory-417.txt" } ], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-459" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.