QwikSec

Security Database

CVE

CWE

Training

CVE-2022-42319

Published: Nov 1, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-416`

References

https://xenbits.xenproject.org/xsa/advisory-416.txt

http://xenbits.xen.org/xsa/advisory-416.html

[oss-security] 20221101 Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests can cause Xenstore to not free temporary memory

mailing-list

vendor-advisory

FEDORA-2022-07438e12df

vendor-advisory

FEDORA-2022-99af00f60e

vendor-advisory

FEDORA-2022-9f51d13fa3

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.