CVE-2022-42323

Name of the Vulnerable Software and Affected Versions Xenstore versions prior to the fix of XSA-322

Description The issue allows cooperating guests to create an arbitrary number of Xenstore nodes. This is possible when one domain lets another write into its local Xenstore tree, creating many nodes and then rebooting. The created nodes become owned by Dom0, which has no limit on the number of nodes due to Xenstore quota. This can lead to a denial of service.

Recommendations As a temporary workaround, consider restricting the ability of domains to write into each other's local Xenstore trees until a patch is available. Restrict access to the Xenstore node creation functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.