SB2022110158 - Fedora 37 update for xen




Published: November 1, 2022

Security Bulletin ID: SB2022110158
Severity: Medium
Patch available: YES
Number of vulnerabilities: 19
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 95% Low 5%

Description

This security bulletin contains information about 19 security vulnerabilities.


1) Improper Privilege Management (CVE-ID: CVE-2022-42327)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improper privilege management. A malicious guest is able to access an unintended shared memory page and read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode.


2) Release of invalid pointer or reference (CVE-ID: CVE-2022-42309)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of a wrong pointer during the node creation in Xenstore. A malicious guest can cause xenstored to crash.


3) Resource management error (CVE-ID: CVE-2022-42310)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore, which can result in orphaned nodes being created and never removed in the Xenstore database. A malicious guest can cause inconsistencies in the xenstored database, resulting in unusual error responses or memory leaks in xenstored.


4) Resource management error (CVE-ID: CVE-2022-42311)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


5) Resource management error (CVE-ID: CVE-2022-42312)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


6) Resource management error (CVE-ID: CVE-2022-42313)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


7) Resource management error (CVE-ID: CVE-2022-42314)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


8) Resource management error (CVE-ID: CVE-2022-42315)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


9) Resource management error (CVE-ID: CVE-2022-42316)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


10) Resource management error (CVE-ID: CVE-2022-42317)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


11) Resource management error (CVE-ID: CVE-2022-42318)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore. A malicious guest can allocate a huge amount of memory and perform a denial of service (DoS) attack.


12) Resource exhaustion (CVE-ID: CVE-2022-42319)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists in Xenstore because allocated temporary memory is freed only after the request is completely finished. A malicious guest can allocate large amounts of memory and perform a denial of service (DoS) attack.


13) Improper Privilege Management (CVE-ID: CVE-2022-42320)

The vulnerability allows a malicious guest to escalate privileges.

The vulnerability exists due to improper privilege management in Xenstore. A malicious new guest domain can access resources belonging to a previous domain. The impact depends on the software in use and can result in a denial of service, information disclosure or privilege escalation.


14) Uncontrolled Recursion (CVE-ID: CVE-2022-42321)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in Xenstore. A malicious guest can create very deep nesting levels of Xenstore nodes and cause stack exhaustion in xenstored.


15) Resource exhaustion (CVE-ID: CVE-2022-42322)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out-of-memory situation, resulting in a denial of service (DoS) of xenstored.


16) Resource exhaustion (CVE-ID: CVE-2022-42323)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out-of-memory situation, resulting in a denial of service (DoS) of xenstored.


17) Infinite loop (CVE-ID: CVE-2022-42324)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer truncation issue. A malicious guest can write a packet into the xenstore ring that causes 32-bit builds of oxenstored to busy loop, resulting in a denial of service condition.


18) Resource exhaustion (CVE-ID: CVE-2022-42325)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by creating an unlimited number of nodes.

The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).


19) Resource exhaustion (CVE-ID: CVE-2022-42326)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by creating an unlimited number of nodes.

The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).


Remediation

Install the update from the vendor's website.