A flaw was found in the Linux kernel's Xen emulated network device driver. When trying to free the SKB of a dropped packet, a deadlock can happen (CVE-2022-42328). Additionally, when dropping packets for other reasons, the same deadlock could occur if netpoll is active for the interface the xen-netback driver is connected to (CVE-2022-42329). A malicious guest could cause Denial of Service (DoS) of the host via the paravirtualized network interface.

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/xen-netback/interface.c?h=v6.1&id=74e7e1efdad45580cc3839f2a155174cf158f9b5
https://www.openwall.com/lists/oss-security/2022/12/08/2
https://www.openwall.com/lists/oss-security/2022/12/08/3
https://www.openwall.com/lists/oss-security/2022/12/09/2
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2156216]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-42328 https://access.redhat.com/security/cve/cve-2022-42329
This was fixed for Fedora with the 6.0.13 stable kernel release.