VDB

CISA-2022-42329

CISA-2022-42329 PUBLISHED CVSS 5.5 MEDIUM

Reported by XEN · Published December 7, 2022

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinuxconsult Xen advisory XSA-424
LinuxLinux*, consult Xen advisory XSA-424

Timeline

  • Dec 7, 2022 CVE Published
  • Apr 23, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›