Updated: 2023-11-04 20:35:42.933052
Description:
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | 2023-11-08 04:07:27 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | 2023-11-21 04:12:03 | |
| CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2022-12-13 04:02:54 | |
| CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2023-09-19 05:07:31 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2022-12-13 04:02:54 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2022-12-13 04:02:54 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2022-12-13 04:02:54 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2022-12-13 04:02:54 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Released | CLSA-2023:1677764911 | 2023-03-02 10:05:14 |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 5.5 | MEDIUM | Not Vulnerable | 2023-04-21 03:21:25 |