CVE-2022-42330

EPSS 1.4%

In short

A guest system can crash the Xenstore (a critical shared storage system in Xen) by performing a soft reset or using certain operations. This is dangerous because it affects all virtual machines on the same host.

Technical detail

The Xenstore daemon crashes when processing XS_RELEASE operations, triggered by guest-initiated soft resets or direct XS_RELEASE calls. The vulnerability exists in xenstored's handling of this operation, allowing any guest with Xenstore access to cause a denial of service affecting the hypervisor's control plane.

Summary generated and translated by AI from the official description.

Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.

Affected products

Xen · xen

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.gentoo.org/glsa/202402-07 https://xenbits.xenproject.org/xsa/advisory-425.txt http://xenbits.xen.org/xsa/advisory-425.html