Vulnerabilities > XEN

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-42313 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42314 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42315 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42316 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42317 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42318 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42319 Memory Leak vulnerability in multiple products
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily.
local
low complexity
xen debian fedoraproject CWE-401
6.5
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0
2022-11-01 CVE-2022-42321 Uncontrolled Recursion vulnerability in multiple products
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.
local
low complexity
xen debian fedoraproject CWE-674
6.5
2022-11-01 CVE-2022-42322 Memory Leak vulnerability in multiple products
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0.
local
low complexity
xen debian fedoraproject CWE-401
5.5