CVE Vulnerability

CVE-2022-42329

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://xenbits.xenproject.org/xsa/advisory-424.txt Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/12/08/3 Mailing List Patch
http://www.openwall.com/lists/oss-security/2022/12/08/2 Mailing List Patch
http://www.openwall.com/lists/oss-security/2022/12/09/2 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Information

Published : 2022-12-07 01:15

Updated : 2023-01-10 07:39

NVD link : CVE-2022-42329

Mitre link : CVE-2022-42329

Products Affected
No products.
CWE
CWE-667