1. Home
  2. Vulnerabilities
  3. CVE-2022-42328

CVE-2022-42328

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 2
Advisories 36
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Weaknesses
CWE-667
Improper Locking
Related CVEs
CVE Status
PUBLISHED
CNA
Xen Project
Published Date
2022-12-07 01:15:11
(21 months ago)
Updated Date
2023-01-10 19:40:35
(20 months ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 6.0 version cpe:2.3:o:linux:linux_kernel < 6.0

Configuration #2

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0