{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T07:44:10.883","vulnerabilities":[{"cve":{"id":"CVE-2022-42324","sourceIdentifier":"security@xen.org","published":"2022-11-01T13:15:12.017","lastModified":"2024-11-21T07:24:45.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring."},{"lang":"es","value":"Problemas de truncado de enteros de 32 a 31 bits almacenados en Oxenstored. Los enteros en Ocaml tienen 63 o 31 bits de precisión confirmada. La librería Ocaml Xenbus extrae una variable uint32_t de C del anillo y lo convierte directamente en un entero Ocaml. En compilaciones de Ocaml de 64 bits, esto está bien, pero en compilaciones de 32 bits, trunca el bit más significativo y luego crea confusión sin confirmación/confirmada en el resto. Esto, a su vez, puede introducir un valor negativo en la lógica que no espera un valor negativo, lo que genera excepciones inesperadas. La excepción inesperada no se maneja adecuadamente, lo que crea un bucle de ocupación al intentar (y fallar) sacar el paquete defectuoso del anillo xenstore."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","matchCriteriaId":"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/11/01/10","source":"security@xen.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-420.html","source":"security@xen.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/","source":"security@xen.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/","source":"security@xen.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/","source":"security@xen.org"},{"url":"https://security.gentoo.org/glsa/202402-07","source":"security@xen.org"},{"url":"https://www.debian.org/security/2022/dsa-5272","source":"security@xen.org","tags":["Third Party Advisory"]},{"url":"https://xenbits.xenproject.org/xsa/advisory-420.txt","source":"security@xen.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/11/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-420.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202402-07","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2022/dsa-5272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://xenbits.xenproject.org/xsa/advisory-420.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}