How severe is CVE-2022-42328?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2022-42328?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2022-42328

MEDIUM Year: 2022

CVSS v3 Score

6.2

Medium

Weakness Type

CWE-667

View all →

Vulnerability Description

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

CVE-2024-35970

MEDIUM

CVSS:6.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace g...

CWE-6672024

CVE-2021-20315

MEDIUM

CVSS:6.1(Medium)

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allow...

CWE-6672021

CVE-2022-20371

MEDIUM

CVSS:6.4(Medium)

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. U...

CWE-6672022

CVE-2021-20291

MEDIUM

CVSS:6.5(Medium)

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not ...

CWE-6672021

CVE-2021-31785

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to tr...

CWE-6672021

CVE-2021-31786

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, al...

CWE-6672021

CVE-2022-42328

Vulnerability Description

Related Vulnerabilities

CVE-2024-35970

CVE-2021-20315

CVE-2022-20371

CVE-2021-20291

CVE-2021-31785

CVE-2021-31786