CVE-2022-42311

{"id": "CVE-2022-42311", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2022-11-01T13:15:11.350", "references": [{"url": "http://xenbits.xen.org/xsa/advisory-326.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@xen.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/", "source": "security@xen.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/", "source": "security@xen.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/", "source": "security@xen.org"}, {"url": "https://www.debian.org/security/2022/dsa-5272", "tags": ["Third Party Advisory"], "source": "security@xen.org"}, {"url": "https://xenbits.xenproject.org/xsa/advisory-326.txt", "tags": ["Patch", "Vendor Advisory"], "source": "security@xen.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction"}, {"lang": "es", "value": "Xenstore: los invitados pueden dejar ejecutar xenstored sin memoria. Este registro de informaci\u00f3n CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] Los invitados maliciosos pueden hacer que xenstored asigne grandes cantidades de memoria, lo que eventualmente resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) de xenstored. Hay varias maneras en que los invitados pueden provocar grandes asignaciones de memoria en xenstored: - - emitiendo nuevas solicitudes a xenstored sin leer las respuestas, lo que hace que las respuestas se almacenen en la memoria - - provocando que se genere una gran cantidad de eventos de observaci\u00f3n mediante la configuraci\u00f3n m\u00faltiples vigilancias de xenstore y luego, por ejemplo, eliminar muchos nodos de xenstore debajo de la ruta vigilada - - creando tantos nodos como se permita con el tama\u00f1o y la longitud de ruta m\u00e1ximos permitidos en tantas transacciones como sea posible - - accediendo a muchos nodos dentro de una transacci\u00f3n"}], "lastModified": "2023-11-07T03:53:15.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "security@xen.org"}