CVE-2022-42319

2022-11-0113:15:11

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

13.5%

JSON

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

CPENameOperatorVersion
xeneq4.2.2-r11
xeneq4.1.0-r2
xeneq4.2.2-r7
xeneq4.2.0-r2
xeneq4.9.0-r2
xeneq4.3.1-r0
xeneq4.1.2-r9
xeneq4.7.0-r3
xeneq4.14.0-r3
xeneq4.5.1-r3