Denial of Service Vulnerability in Xenstore Component by Xen Project
CVE-2022-42315

6.5MEDIUM

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 1 November 2022

What is CVE-2022-42315?

The vulnerability in the Xenstore component allows malicious users to exploit it by triggering excessive memory allocation, which can lead to a Denial of Service (DoS). This can occur through various means such as issuing excessive new requests without reading the responses, generating numerous watch events, creating maximum-sized nodes, or accessing multiple nodes within a single transaction. If successfully executed, these actions result in the xenstored service becoming unresponsive due to memory exhaustion.

Affected Version(s)

xen consult Xen advisory XSA-326

References

https://xenbits.xenproject.org/xsa/advisory-326.txt

http://xenbits.xen.org/xsa/advisory-326.html

https://www.debian.org/security/2022/dsa-5272

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 1, 2022
Vulnerability Reserved
Oct 3, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}