Denial of Service Vulnerability in Xenstore by Xen Project
CVE-2022-42312
6.5 MEDIUM
What is CVE-2022-42312?
This denial-of-service vulnerability in Xenstore allows malicious guests to overwhelm the xenstored service by forcing excessive memory allocations. Attackers can cause memory leaks by sending numerous requests without processing the responses, by generating multiple watch events, and by creating numerous nodes of the maximum allowed size, which depletes system resources and disrupts service availability.
Affected Version(s)
xen: consult Xen advisory XSA-326
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Julien Grall of Amazon.