Xenstore: Guests can get access to Xenstore nodes of deleted domains (XSA-417)

high Nessus Plugin ID 167279

Synopsis

The remote Xen hypervisor installation is missing a security update.

Description

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain.
This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

https://xenbits.xenproject.org/xsa/advisory-417.txt

Plugin Details

Severity: High

ID: 167279

File Name: xen_server_XSA-417.nasl

Version: 1.4

Type: local

Family: Misc.

Published: 11/11/2022

Updated: 9/8/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-42320

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:xen:xen

Required KB Items: Settings/ParanoidReport, installed_sw/Xen Hypervisor

Exploit Ease: No known exploits are available

Patch Publication Date: 11/1/2022

Vulnerability Publication Date: 11/1/2022

Reference Information

CVE: CVE-2022-42320

IAVB: 2022-B-0048-S