CVE-2022-42312

2022-11-0100:00:00

ubuntu.com

0.0004 Low

EPSS

Percentile

13.7%

JSON

Xenstore: guests can let run xenstored out of memory T[his CNA information
record relates to multiple CVEs; the text explains which
aspects/vulnerabilities correspond to which CVE.] Malicious guests can
cause xenstored to allocate vast amounts of memory, eventually resulting in
a Denial of Service (DoS) of xenstored. There are multiple ways how guests
can cause large memory allocations in xenstored: - - by issuing new
requests to xenstored without reading the responses, causing the responses
to be buffered in memory - - by causing large number of watch events to be
generated via setting up multiple xenstore watches and then e.g. deleting
many xenstore nodes below the watched path - - by creating as many nodes as
allowed with the maximum allowed size and path length in as many
transactions as possible - - by accessing many nodes inside a transaction

Notes

Author	Note
mdeslaur	hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxen< anyUNKNOWN
ubuntu20.04noarchxen< anyUNKNOWN
ubuntu22.04noarchxen< anyUNKNOWN
ubuntu23.10noarchxen< anyUNKNOWN
ubuntu24.04noarchxen< anyUNKNOWN
ubuntu16.04noarchxen< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xen	< any	UNKNOWN
ubuntu	20.04	noarch	xen	< any	UNKNOWN
ubuntu	22.04	noarch	xen	< any	UNKNOWN
ubuntu	23.10	noarch	xen	< any	UNKNOWN
ubuntu	24.04	noarch	xen	< any	UNKNOWN
ubuntu	16.04	noarch	xen	< any	UNKNOWN