CVE-2022-42319

CVE-2022-42319

Name

CVE-2022-42319

Description

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://xenbits.xenproject.org/xsa/advisory-416.txt
CONFIRM	http://xenbits.xen.org/xsa/advisory-416.html
MLIST	http://www.openwall.com/lists/oss-security/2022/11/01/6
DEBIAN	https://www.debian.org/security/2022/dsa-5272
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Type

URI

MISC

https://xenbits.xenproject.org/xsa/advisory-416.txt

CONFIRM

http://xenbits.xen.org/xsa/advisory-416.html

MLIST

http://www.openwall.com/lists/oss-security/2022/11/01/6

DEBIAN

https://www.debian.org/security/2022/dsa-5272

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:xen:xen::::::::`	xen	>= None	<= 4.9.0
`cpe:2.3:o:xen:xen::::::::`	xen	>= 4.9.0	<= None

CPE URI

Source package

Min version

Max version

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

xen

>= None

<= 4.9.0

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

xen

>= 4.9.0

<= None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	3.13-main	4.14.5-r7	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
xen	3.15-main	4.15.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.14-main	4.15.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.16-main	4.16.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	edge-main	4.17.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

xen

3.13-main

4.14.5-r7

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

xen

3.15-main