CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
14.2%
Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
A malicious guest can cause xenstored to crash, resulting in the inability to create new guests or to change the configuration of running guests.
Memory corruption in xenstored or privilege escalation of a guest can’t be ruled out.
All Xen versions with the fix for XSA-115 running the C variant of Xenstore (xenstored or xenstore-stubdom) are vulnerable.
Systems using the Ocaml variant of Xenstore (oxenstored) are not vulnerable.