Medium severity5.5NVD Advisory· Published Nov 1, 2022· Updated Jun 17, 2026
CVE-2022-42310
CVE-2022-42310
Description
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39- osv-coords37 versionspkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/xen&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/xen&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 4.14.5_08-150300.3.40.1+ 36 more
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.16.2_08-150400.4.16.1
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.10.4_40-150000.3.84.1
- (no CPE)range: < 4.10.4_40-150000.3.84.1
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.16.2_08-150400.4.16.1
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.16.2_08-150400.4.16.1
- (no CPE)range: < 4.14.5_08-150300.3.40.1
- (no CPE)range: < 4.16.2_08-150400.4.16.1
- (no CPE)range: < 4.7.6_28-43.98.1
- (no CPE)range: < 4.9.4_34-3.114.1
- (no CPE)range: < 4.11.4_34-2.83.1
- (no CPE)range: < 4.12.4_30-3.82.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.11.4_34-2.83.1
- (no CPE)range: < 4.12.4_30-3.82.1
- (no CPE)range: < 4.10.4_40-150000.3.84.1
- (no CPE)range: < 4.12.4_30-150100.3.80.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.12.4_30-3.82.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.13.4_16-150200.3.65.1
- (no CPE)range: < 4.11.4_34-2.83.1
- (no CPE)range: < 4.11.4_34-2.83.1
Patches
Vulnerability mechanics
References
8- xenbits.xen.org/xsa/advisory-415.htmlnvdPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2022/11/01/5nvdMailing ListThird Party Advisory
- www.debian.org/security/2022/dsa-5272nvdThird Party Advisory
- xenbits.xenproject.org/xsa/advisory-415.txtnvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/nvd
- security.gentoo.org/glsa/202402-07nvd
News mentions
0No linked articles in our index yet.