CVE-2022-42324

UNKNOWN

Published 2022-11-01T00:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-42324. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Xen

xen

Affected Versions:

consult Xen advisory XSA-420

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-2hqj-m7qj-9pc3

Advisory Details

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-42324

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ

WEB https://security.gentoo.org/glsa/202402-07

WEB https://www.debian.org/security/2022/dsa-5272

WEB https://xenbits.xenproject.org/xsa/advisory-420.txt

WEB http://www.openwall.com/lists/oss-security/2022/11/01/10

WEB http://xenbits.xen.org/xsa/advisory-420.html

Advisory provided by GitHub Security Advisory Database. Published: November 1, 2022, Modified: November 3, 2022

References

https://xenbits.xenproject.org/xsa/advisory-420.txt

http://xenbits.xen.org/xsa/advisory-420.html

http://www.openwall.com/lists/oss-security/2022/11/01/10

https://www.debian.org/security/2022/dsa-5272

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

https://security.gentoo.org/glsa/202402-07

Published: 2022-11-01T00:00:00

Last Modified: 2024-08-03T13:03:45.972Z

Copied to clipboard!

CVE-2022-42324

Expert Analysis

Description

Available Exploits

Related News

Affected Products

xen

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!