VDB
CISA-2022-42329
CISA-2022-42329
PUBLISHED
CVSS 5.5 MEDIUM
Reported by XEN · Published December 7, 2022
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | consult Xen advisory XSA-424 |
| Linux | Linux | *, consult Xen advisory XSA-424 |
Timeline
- Dec 7, 2022 CVE Published
- Apr 23, 2025 CVE Updated
References
- [oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver mailing-list
- [oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver mailing-list
- [oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver mailing-list
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update mailing-list
- [debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update mailing-list