CVE-2022-42310

Description

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

How to fix CVE-2022-42310

To remediate CVE-2022-42310, upgrade the affected package to a fixed version below.

—upgrade to 4.15.4-r0 or later
—upgrade to 4.14.5+86-g1c354767d5-1 or later

Is CVE-2022-42310 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.15.4-r0
from 0, < 4.14.5+86-g1c354767d5-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2022-42310
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-42310