How severe is CVE-2022-42320?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2022-42320?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2022-42320 - HIGH Severity | CVSS 7

Vulnerability Description

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.

Related Vulnerabilities

CVE-2019-5011

HIGH

CVSS:7.1(High)

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upg...

CWE-4592019

CVE-2021-47110

HIGH

CVSS:7.1(High)

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens f...

CWE-4592021

CVE-2022-45455

MEDIUM

CVSS:6.6(Medium)

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before...

CWE-4592022

CVE-2024-20303

HIGH

CVSS:7.4(High)

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service ...

CWE-4592024

CVE-2002-2066

HIGH

CVSS:7.5(High)

BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information tha...

CWE-4592002

CVE-2002-2067

HIGH

CVSS:7.5(High)

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be dele...

CWE-4592002