
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-42320 (XSA-417) is a vulnerability in Xen's Xenstore component discovered by Jürgen Groß of SUSE and publicly disclosed on November 1, 2022. It affects all versions of Xen running the C variant of Xenstore (xenstored or xenstore-stubdom); systems using the OCaml variant (oxenstored) are not affected (Xen Advisory).
The vulnerability stems from how Xenstore handles access rights of nodes per domain ID. When a domain is removed, Xenstore nodes may retain access rights containing the removed domain's ID. While these rights are typically corrected when the node is written later, there exists a race condition during new domain creation. During this window, a new domain with the same domain ID as a previously removed domain can access nodes that were meant to be accessible only by the removed domain. This occurs when another domain writes to the node before the new domain is introduced to Xenstore by dom0 (Xen Advisory).
The vulnerability can allow a new guest domain to access resources belonging to a previous domain. The specific impact depends on the software and configuration in use, potentially leading to denial of service, information leaks, or privilege escalation. However, default configurations of upstream Xen without additional management software are not vulnerable (Xen Advisory).
The primary mitigation is to run oxenstored instead of xenstored. For systems that cannot switch to oxenstored, patches have been released for Xen versions 4.13.x through 4.16.x. Various Linux distributions have also released security updates, including Debian (version 4.14.5+86-g1c354767d5-1) and Fedora (Debian Advisory, Fedora Update).
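The shell helper below is an added example, not part of the advisory or of Xen. It turns the facts above into a dom0 triage check: which Xenstore daemon is running, and whether the Xen version falls in the 4.13.x to 4.16.x range for which patches are listed. The function names and the sample process listings are constructed for illustration, and taking the inputs from `ps -e -o comm=` and the `xen_version` line of `xl info` is an assumption.

```shell
#!/bin/sh
# Triage helper for CVE-2022-42320 (XSA-417), built only from the facts on this page.
# Inputs are passed in so the logic runs offline; on a dom0 they would typically come
# from `ps -e -o comm=` and the xen_version line of `xl info` (assumed sources).

# Print which Xenstore daemon appears in a process-name listing read from stdin.
xenstore_variant() {
    procs=$(cat)
    if printf '%s\n' "$procs" | grep -qx 'oxenstored'; then
        echo oxenstored
    elif printf '%s\n' "$procs" | grep -qx 'xenstored'; then
        echo xenstored
    else
        echo none-found   # xenstore-stubdom runs as a domain, not as a dom0 process
    fi
}

# Print "yes" if this page lists patches for the given Xen version (4.13.x to 4.16.x).
patch_listed() {
    case "$1" in
        4.13|4.13.*|4.14|4.14.*|4.15|4.15.*|4.16|4.16.*) echo yes ;;
        *) echo no ;;
    esac
}

# Combine both checks. Usage: xsa417_triage <xen_version> < process-listing
xsa417_triage() {
    variant=$(xenstore_variant)
    case "$variant" in
        oxenstored) echo "not-affected: oxenstored in use" ;;
        xenstored)
            if [ "$(patch_listed "$1")" = yes ]; then
                echo "affected-unless-patched: xenstored on $1, apply the XSA-417 patches"
            else
                echo "affected: xenstored on $1, no patch listed here, consider oxenstored"
            fi ;;
        *) echo "unknown: no Xenstore daemon process seen, check for xenstore-stubdom" ;;
    esac
}

# Constructed sample process listings (not captured from a real host).
SAMPLE_C='systemd
xenstored
xenconsoled'
SAMPLE_OCAML='systemd
oxenstored
xenconsoled'
```

An "unknown" verdict is not a clean result: xenstore-stubdom is also the affected C variant and does not show up as a dom0 process.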
Source: This report was generated using AI