Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Published 2022-12-07 01:15:11
Updated 2023-01-10 19:39:44
Source Xen Project
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-42329

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-42329

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.5
MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.8
3.6
NIST

CWE ids for CVE-2022-42329

  • The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-42329

Products affected by CVE-2022-42329

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!