CVE-2022-42321 - OpenCVE

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Xen	Xen
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/11/01/8	Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-418.html	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272	Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-418.txt	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: XEN

Published: 2022-11-01T00:00:00

Updated: 2024-02-04T08:07:35.778657

Reserved: 2022-10-03T00:00:00

Link: CVE-2022-42321

JSON object: View

NVD Information

Status : Modified

Published: 2022-11-01T13:15:11.870

Modified: 2024-02-04T08:15:12.390

Link: CVE-2022-42321

JSON object: View

Redhat Information

No data.

CWE

CWE-674

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42321", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "dateUpdated": "2024-02-04T08:07:35.778657", "dateReserved": "2022-10-03T00:00:00", "datePublished": "2022-11-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-02-04T08:07:35.778657"}, "descriptions": [{"lang": "en", "value": "Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored."}], "affected": [{"vendor": "Xen", "product": "xen", "versions": [{"version": "consult Xen advisory XSA-418", "status": "unknown"}]}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-418.txt"}, {"url": "http://xenbits.xen.org/xsa/advisory-418.html"}, {"name": "[oss-security] 20221101 Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests can crash xenstored via exhausting the stack", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/8"}, {"name": "DSA-5272", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"name": "FEDORA-2022-07438e12df", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"name": "FEDORA-2022-99af00f60e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"name": "FEDORA-2022-9f51d13fa3", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202402-07"}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by David Vrabel of Amazon.'}]}}}"}], "metrics": [{"other": {"type": "unknown", "content": {"description": {"description_data": [{"lang": "eng", "value": "A malicious guest creating very deep nesting levels of Xenstore nodes\nmight be able to crash xenstored, resulting in a Denial of Service (DoS)\nof Xenstore.\n\nThis will inhibit creation of new guests or changing the configuration of\nalready running guests."}]}}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "unknown"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored."}, {"lang": "es", "value": "Xenstore: los invitados pueden bloquear xenstored al agotar la pila. Xenstored utiliza la recursividad para algunas operaciones de Xenstore (por ejemplo, para eliminar un sub\u00e1rbol de nodos de Xenstore). Con niveles de anidamiento suficientemente profundos, esto puede provocar el agotamiento de la pila en xenstored, lo que provocar\u00e1 un fallo de xenstored."}], "id": "CVE-2022-42321", "lastModified": "2024-02-04T08:15:12.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-01T13:15:11.870", "references": [{"source": "security@xen.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/8"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-418.html"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"source": "security@xen.org", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-418.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}