Xenstore Crash Vulnerability in Xen Toolstack by Xen Project
CVE-2022-42330

7.5HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 26 January 2023

What is CVE-2022-42330?

The vulnerability in the Xen Toolstack affects the libxl component, where a guest can trigger a crash in the Xenstore when issuing a 'Soft Reset'. This occurs due to a flaw in the xenstored implementation that incorrectly handles the XS_RELEASE operation during the reset process. As a result, this can lead to Denial of Service conditions, whereby the Xenstore becomes unresponsive, affecting the overall functionality of the virtualization environment. Proper mitigation and awareness of the affected versions are essential to maintain system integrity.

Affected Version(s)

xen consult Xen advisory XSA-425

References

https://xenbits.xenproject.org/xsa/advisory-425.txt

https://security.gentoo.org/glsa/202402-07

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Oct 3, 2022