6.5 CVE-2022-42321

Patch

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.
https://nvd.nist.gov/vuln/detail/CVE-2022-42321

Categories

CWE-674 : Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack. Ensure an end condition will be reached under all logic conditions. The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action. Increase the stack size. Deeply nested arrays trigger stack exhaustion. Self-referencing pointers create infinite loop and resultant stack exhaustion. Javascript application accidentally changes input in a way that prevents a recursive call from detecting an exit condition. An attempt to recover a corrupted XML file infinite recursion protection counter was not always incremented missing the exit condition. USB-audio driver's descriptor code parsing allows unlimited recursion leading to stack exhaustion.

References

CONFIRM Patch

http://xenbits.xen.org/xsa/advisory-418.html Patch Vendor Advisory

DEBIAN

DSA-5272 Third Party Advisory

FEDORA

FEDORA-2022-07438e12df Mailing List Third Party Advisory
FEDORA-2022-99af00f60e Mailing List Third Party Advisory
FEDORA-2022-9f51d13fa3 Mailing List Third Party Advisory

MISC Patch

https://xenbits.xenproject.org/xsa/advisory-418.txt Patch Vendor Advisory

_MLIST

[oss-security] 20221101 Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests can crash xenstored via exhausting the stack Mailing List Third Party Advisory

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:xen:xen:-:::::::*
Configuration 2
cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*

Patch

Url
http://xenbits.xen.org/xsa/advisory-418.html
https://xenbits.xenproject.org/xsa/advisory-418.txt

Exploits

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

id	description	severity
230	Serialized Data with Nested Payloads Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An adversary determines the input data stream that is being processed by a data parser that supports using substitution on the victim's side. An adversary crafts input data that may have an adverse effect on the operation of the parser when the data is parsed on the victim's system.	High
231	Oversized Serialized Data Payloads An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution. An adversary determines the input data stream that is being processed by an serialized data parser on the victim's side. An adversary crafts input data that may have an adverse effect on the operation of the data parser when the data is parsed on the victim's system.	High

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution