Salvatore Bonaccorso
2023-Jan-28 13:01 UTC
[Pkg-xen-devel] Bug#1029830: xen: CVE-2022-42330
Source: xen
Version: 4.17.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at
security.debian.org>
Hi,
The following vulnerability was published for xen.
CVE-2022-42330[0]:
| Guests can cause Xenstore crash via soft reset When a guest issues a
| "Soft Reset" (e.g. for performing a kexec) the libxl based Xen
| toolstack will normally perform a XS_RELEASE Xenstore operation. Due
| to a bug in xenstored this can result in a crash of xenstored. Any
| other use of XS_RELEASE will have the same impact.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-42330
https://www.cve.org/CVERecord?id=CVE-2022-42330
[1] https://xenbits.xen.org/xsa/advisory-425.html
Regards,
Salvatore
Debian Bug Tracking System
2023-Feb-10 18:39 UTC
[Pkg-xen-devel] Bug#1029830: marked as done (xen: CVE-2022-42330)
Your message dated Fri, 10 Feb 2023 19:28:28 +0100 with message-id <11251679.yHsETcf7j8 at localhost> and subject line fixed in 4.17.0+24-g2f8851c37f-2~exp1 has caused the Debian Bug report #1029830, regarding xen: CVE-2022-42330 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 1029830: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029830 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Salvatore Bonaccorso <carnil at debian.org> Subject: xen: CVE-2022-42330 Date: Sat, 28 Jan 2023 14:01:27 +0100 Size: 2368 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20230210/03a4bbd3/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Maximilian Engelhardt <maxi at daemonizer.de> Subject: fixed in 4.17.0+24-g2f8851c37f-2~exp1 Date: Fri, 10 Feb 2023 19:28:28 +0100 Size: 5198 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20230210/03a4bbd3/attachment-0001.eml>
Seemingly Similar Threads
- Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
- Bug#1031567: xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions
- Bug#1056928: xen: CVE-2023-46835 CVE-2023-46836
- Fix build error with GCC 10 due to multiple definition of `toplevel'
- [PATCH RESEND] tftp-hpa: Fix build error with GCC 10 due to multiple definition of `toplevel'