CVE-2022-42329

CVSS V2 None CVSS V3 None
Description
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Overview
  • CVE ID
  • CVE-2022-42329
  • Assigner
  • security@xen.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-07T01:15:11
  • Last Modified Date
  • 2023-01-10T19:39:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 1 OR 6.0
History
Created Old Value New Value Data Type Notes
2022-12-07 18:06:52 Added to TrackCVE
2022-12-08 20:16:06 2022-12-07T01:15:11.323 2022-12-07T01:15:11 CVE Published Date updated
2022-12-08 20:16:06 2022-12-08T19:15:10 CVE Modified Date updated
2022-12-08 20:16:07 References updated
2022-12-09 19:17:19 2022-12-09T19:15:13 CVE Modified Date updated
2022-12-09 19:17:20 References updated
2022-12-11 07:14:57 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-12 16:15:48 2022-12-12T15:25:58 CVE Modified Date updated
2022-12-12 16:15:48 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-12 16:15:48 CWE-667 Weakness Enumeration new
2022-12-12 16:15:50 CPE Information updated
2022-12-22 17:15:20 2022-12-22T16:15:30 CVE Modified Date updated
2022-12-22 17:15:20 Analyzed Modified Vulnerability Status updated
2022-12-22 17:15:20 References updated
2022-12-22 20:15:24 Modified Undergoing Analysis Vulnerability Status updated
2022-12-24 02:15:31 2022-12-24T01:15:12 CVE Modified Date updated
2022-12-24 02:15:33 References updated
2023-01-10 20:25:45 2023-01-10T19:39:44 CVE Modified Date updated
2023-01-10 20:25:45 Undergoing Analysis Analyzed Vulnerability Status updated