Strix
26.1K

CVE-2022-42319

MEDIUMCVSS 6.5/10EPSS 0.27%

Last modified

CVE-2022-42319 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS Probability
0.27%

18.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
XenXen>= 4.9.0
DebianDebian Linux11.0
FedoraprojectFedora35
FedoraprojectFedora36
FedoraprojectFedora37

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-42319?
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored.
How severe is CVE-2022-42319?
CVE-2022-42319 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2022-42319?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-42319?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST