CVE-2022-42319
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.
Xenstore: Los invitados pueden hacer que Xenstore no libere memoria temporal Cuando trabaja en una solicitud de un invitado, es posible que xenstored necesite asignar cantidades bastante grandes de memoria temporalmente. Esta memoria se libera sólo después de que la solicitud haya finalizado por completo. Una solicitud se considera finalizada sólo después de que el huésped haya leído el mensaje de respuesta de la solicitud desde la página de timbre. Por lo tanto, un invitado que no lea la respuesta puede hacer que xenstored no libere la memoria temporal. Esto puede provocar escasez de memoria y provocar Denegación de Servicio (DoS) de xenstored.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-03 CVE Reserved
- 2022-11-01 CVE Published
- 2024-02-06 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/11/01/6 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-416.html | 2024-02-04 | |
| https://xenbits.xenproject.org/xsa/advisory-416.txt | 2024-02-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | >= 4.9.0 Search vendor "Xen" for product "Xen" and version " >= 4.9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||