#VU70470 Resource management error in Xen - CVE-2022-42329 

 


Published: December 21, 2022


Vulnerability identifier: #VU70470
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green
CVE-ID: CVE-2022-42329
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Xen
Software vendor: Xen Project

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger a deadlock in the Linux netback driver and cause a denial of service (DoS) of the host via the paravirtualized network interface.


Remediation

Install updates from the vendor's website.

External links