CVE-2022-42319

CVE	CVE-2022-42319
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-01 13:15:00 UTC
Updated	2024-02-04 08:15:00 UTC
Description	Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

Problem Types: CWE-401

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Xen	Xen	All	All	All	All
Operating System	Xen	Xen	All	All	All	All

Reference	Source	Link	Tags
XSA-416 - Xen Security Advisories	CONFIRM	xenbits.xen.org
[SECURITY] Fedora 37 Update: xen-4.16.2-4.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
xenbits.xenproject.org/xsa/advisory-416.txt	MISC	xenbits.xenproject.org
Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security		security.gentoo.org
[SECURITY] Fedora 37 Update: xen-4.16.2-4.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Debian -- Security Information -- DSA-5272-1 xen	DEBIAN	www.debian.org
[SECURITY] Fedora 36 Update: xen-4.16.2-3.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
oss-security - Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests can cause Xenstore to not free temporary memory	MLIST	www.openwall.com
[SECURITY] Fedora 36 Update: xen-4.16.2-3.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: xen-4.15.3-7.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: xen-4.15.3-7.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

LEGACY: Array

181193 Debian Security Update for xen (DSA 5272-1)
184821 Debian Security Update for xen (CVE-2022-42319)
283293 Fedora Security Update for xen (FEDORA-2022-07438e12df)
283319 Fedora Security Update for xen (FEDORA-2022-99af00f60e)
283430 Fedora Security Update for xen (FEDORA-2022-9f51d13fa3)
390275 Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2023-0005)
502600 Alpine Linux Security Update for xen
502619 Alpine Linux Security Update for xen
503143 Alpine Linux Security Update for xen
503695 Alpine Linux Security Update for xen
504549 Alpine Linux Security Update for xen
505964 Alpine Linux Security Update for xen
710858 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)
752778 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3925-1)
752781 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3928-1)
752792 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3947-1)
752796 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3971-1)
752807 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4007-1)
752887 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4241-1)
752979 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4332-1)