Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42310 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created.
local
low complexity
xen debian fedoraproject CWE-459
5.5
2022-11-01 CVE-2022-42317 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42318 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42319 Memory Leak vulnerability in multiple products
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily.
local
low complexity
xen debian fedoraproject CWE-401
6.5
2022-11-01 CVE-2022-42321 Uncontrolled Recursion vulnerability in multiple products
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.
local
low complexity
xen debian fedoraproject CWE-674
6.5
2022-11-01 CVE-2022-42322 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42323 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42325 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-11-01 CVE-2022-42326 Memory Leak vulnerability in multiple products
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error.
local
low complexity
xen debian fedoraproject CWE-401
5.5
2022-10-19 CVE-2022-3586 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel’s networking code.
local
low complexity
linux debian CWE-416
5.5