CVE-2022-42319

Published: Nov 1, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

Affected (5)

Products: Xen: Xen · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	From 4.9.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (16)

http://www.openwall.com/lists/oss-security/2022/11/01/6

Source: security@xen.org

Mailing ListThird Party Advisory

http://xenbits.xen.org/xsa/advisory-416.html

Source: security@xen.org

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Source: security@xen.org

https://security.gentoo.org/glsa/202402-07

Source: security@xen.org

https://www.debian.org/security/2022/dsa-5272

Source: security@xen.org

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-416.txt

Source: security@xen.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2022/11/01/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://xenbits.xen.org/xsa/advisory-416.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202402-07

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2022/dsa-5272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-416.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.