CVE-2022-42329

 

Published at: - 07-12-2022 02:15

Last modified: - 10-01-2023 08:39

Total changes: - 7

Description

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://xenbits.xenproject.org/xsa/advisory-424.txt
• [oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver-Mailing List, Patch, Third Party Advisory
• [oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver-Mailing List, Patch, Third Party Advisory
• [oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver-Mailing List, Patch, Third Party Advisory
• [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2022-42329

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures