Vulnerability Name:

CVE-2022-23036 (CCN-221471)

Assigned:2022-03-10
Published:2022-03-10
Updated:2022-11-29
Summary:
CVSS v3 Severity:7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2022-23036

Source: CCN
Type: Xen Security Advisory XSA-396
Linux PV device frontends vulnerable to attacks by backends

Source: XF
Type: UNKNOWN
xen-cve202223036-sec-bypass(221471)

Source: security@xen.org
Type: Mailing List, Third Party Advisory
security@xen.org

Source: security@xen.org
Type: Third Party Advisory
security@xen.org

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7539
    P
    kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8090
    P
    reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3453
    P
    clamav-0.101.3-1.19 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3567
    P
    libXtst6-1.2.2-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3398
    P
    wpa_supplicant-2.6-15.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3448
    P
    busybox-1.21.1-3.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95028
    P
    kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2960
    P
    kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95078
    P
    reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95083
    P
    kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94590
    P
    kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95197
    P
    kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:4733
    P
    Security update for the Linux Kernel (Important)
    2022-04-26
    oval:org.opensuse.security:def:125349
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:125694
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:118437
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:126860
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:6012
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:125110
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:127257
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:42175
    P
    Security update for the Linux Kernel (Important)
    2022-04-19
    oval:org.opensuse.security:def:118680
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:5220
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:119367
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:118122
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:4294
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:118870
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:6009
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:119552
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:4573
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:119060
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:42174
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:118644
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:119177
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:6327
    P
    Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:1557
    P
    Security update for the Linux Kernel (Important)
    2022-04-12
    oval:org.opensuse.security:def:102121
    P
    Security update for the Linux Kernel (Important)
    2022-04-12
    oval:org.opensuse.security:def:1795
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:843
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:101828
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:99193
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:102154
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:100390
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:42254
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:1150
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:101889
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:99463
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:1594
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:102304
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:100723
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:42255
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:1229
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:101951
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:99725
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:1746
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:102347
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:101574
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:1298
    P
    Security update for the Linux Kernel (Important)
    2022-03-30
    oval:org.opensuse.security:def:100056
    P
    (Important)
    2022-03-30
    BACK
    xensource xen *