CVE-2022-42325

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xenstore (affected versions not specified)

Description The issue allows guests to create an arbitrary number of nodes via transactions. If a node is created in a transaction and later deleted in the same transaction, the transaction will be terminated with an error. This error occurs when handling the deleted node at transaction finalization, resulting in the transaction being performed partially without updating the accounting information. A malicious guest can exploit this to create an arbitrary number of nodes. The vulnerability is related to errors in memory release due to the creation of an arbitrary number of nodes through transactions, which can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2024-03575

CVE-2022-42325

DSA-5272-1

OPENSUSE-SU-2022_3947-1

OPENSUSE-SU-2022_4007-1

SUSE-SU-2022:3925-1

SUSE-SU-2022:3928-1

SUSE-SU-2022:3947-1

SUSE-SU-2022:3960-1

SUSE-SU-2022:3971-1

SUSE-SU-2022:4007-1

SUSE-SU-2022:4241-1

SUSE-SU-2022:4332-1

Affected Products

Suse

Xenstore

CVE-2022-42325

Weakness Enumeration

Related Identifiers

Affected Products

References · 84