CVE-2022-42326

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xenstore (affected versions not specified)

Description The issue is related to errors in memory release due to the creation of an arbitrary number of nodes via transactions. This can enable a malicious guest to create an arbitrary number of nodes, potentially leading to a denial of service. When a node is created in a transaction and later deleted in the same transaction, the transaction will be terminated with an error. This error occurs only when handling the deleted node at transaction finalization, resulting in the transaction being performed partially without updating the accounting information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2024-03588

CVE-2022-42326

DSA-5272-1

OPENSUSE-SU-2022_3947-1

OPENSUSE-SU-2022_4007-1

SUSE-SU-2022:3925-1

SUSE-SU-2022:3928-1

SUSE-SU-2022:3947-1

SUSE-SU-2022:3960-1

SUSE-SU-2022:3971-1

SUSE-SU-2022:4007-1

SUSE-SU-2022:4241-1

SUSE-SU-2022:4332-1

Affected Products

Suse

Xenstore

CVE-2022-42326

Weakness Enumeration

Related Identifiers

Affected Products

References · 86