CVE-2022-42315

2022-11-0100:00:00

ubuntu.com

xenstore

memory allocation

dos

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

27.5%

JSON

Xenstore: guests can let run xenstored out of memory T[his CNA information
record relates to multiple CVEs; the text explains which
aspects/vulnerabilities correspond to which CVE.] Malicious guests can
cause xenstored to allocate vast amounts of memory, eventually resulting in
a Denial of Service (DoS) of xenstored. There are multiple ways how guests
can cause large memory allocations in xenstored: - - by issuing new
requests to xenstored without reading the responses, causing the responses
to be buffered in memory - - by causing large number of watch events to be
generated via setting up multiple xenstore watches and then e.g. deleting
many xenstore nodes below the watched path - - by creating as many nodes as
allowed with the maximum allowed size and path length in as many
transactions as possible - - by accessing many nodes inside a transaction

Notes

Author	Note
mdeslaur	hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxen< anyUNKNOWN
ubuntu20.04noarchxen< anyUNKNOWN
ubuntu22.04noarchxen< anyUNKNOWN
ubuntu23.10noarchxen< anyUNKNOWN
ubuntu24.04noarchxen< anyUNKNOWN
ubuntu16.04noarchxen< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xen	< any	UNKNOWN
ubuntu	20.04	noarch	xen	< any	UNKNOWN
ubuntu	22.04	noarch	xen	< any	UNKNOWN
ubuntu	23.10	noarch	xen	< any	UNKNOWN
ubuntu	24.04	noarch	xen	< any	UNKNOWN
ubuntu	16.04	noarch	xen	< any	UNKNOWN