CVE-2022-42324 Information

Description

Oxenstored 32->31 bit integer truncation issues

Integers in OCaml have 63 or 31 bits of signed precision. The OCaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an OCaml integer. In 64-bit OCaml builds this is fine, but in 32-bit builds it truncates off the most significant bit and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting one, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop that tries (and fails) to take the bad packet out of the xenstore ring.
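The truncation described above, modelled in C as an added example (not code from the Xen project or the advisory). `ocaml31_of_uint32` is a hypothetical helper that reproduces how a 32-bit OCaml build keeps an integer in one tagged word, and `checked_len` with its `MAX_PAYLOAD` limit is an assumed range check applied while the value is still unsigned.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound for a length field; illustrative, not from the page. */
#define MAX_PAYLOAD 4096u

/* Model of a 32-bit OCaml build: an integer lives in one 32-bit word as
 * (n << 1) | 1, so bit 31 of the input is shifted out and bit 30 becomes
 * the sign bit when the value is read back. */
static int32_t ocaml31_of_uint32(uint32_t raw)
{
    uint32_t low31 = raw & 0x7FFFFFFFu;        /* most significant bit lost */
    if (low31 & 0x40000000u)                   /* bit 30 set: negative      */
        return (int32_t)((int64_t)low31 - (INT64_C(1) << 31));
    return (int32_t)low31;
}

/* Validate in the unsigned domain before any narrowing conversion.
 * Returns 0 and stores the length, or -1 if the packet must be rejected. */
static int checked_len(uint32_t raw, int32_t *out)
{
    if (raw > MAX_PAYLOAD)
        return -1;
    *out = (int32_t)raw;
    return 0;
}

int main(void)
{
    /* Constructed sample values for a 32-bit field read from a ring. */
    const uint32_t samples[] = { 16u, 0x40000000u, 0x80000010u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t safe = 0;
        int rc = checked_len(samples[i], &safe);
        printf("raw=0x%08x  31-bit view=%d  checked=%s\n",
               (unsigned)samples[i], (int)ocaml31_of_uint32(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Values with bit 30 set come back negative, and values with only bit 31 set silently shrink, which is why the range check has to run on the original unsigned value.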

Reference

https://xenbits.xenproject.org/xsa/advisory-420.txt
http://xenbits.xen.org/xsa/advisory-420.html
http://www.openwall.com/lists/oss-security/2022/11/01/10
