CVE-2022-42322

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xenstore (affected versions not specified)

Description The issue allows cooperating guests to create an arbitrary number of Xenstore nodes. This is possible when one guest lets another write into its local Xenstore tree, creating many nodes and then rebooting. The nodes created will be owned by Dom0, which has no limit on the number of nodes it can own due to Xenstore quota. This can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2024-03580

CVE-2022-42322

DSA-5272-1

OPENSUSE-SU-2022_3947-1

OPENSUSE-SU-2022_4007-1

SUSE-SU-2022:3925-1

SUSE-SU-2022:3928-1

SUSE-SU-2022:3947-1

SUSE-SU-2022:3960-1

SUSE-SU-2022:3971-1

SUSE-SU-2022:4007-1

SUSE-SU-2022:4051-1

SUSE-SU-2022:4241-1

SUSE-SU-2022:4332-1

Affected Products

Suse

Xenstore

CVE-2022-42322

Weakness Enumeration

Related Identifiers

Affected Products

References · 86