Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 17 |
CVE-ID | CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 |
CWE-ID | CWE-763 CWE-399 CWE-400 CWE-269 CWE-674 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
SUSE Linux Enterprise Server Operating systems & Components / Operating system xen-tools-domU-debuginfo Operating systems & Components / Operating system package or component xen-tools-domU Operating systems & Components / Operating system package or component xen-tools-debuginfo Operating systems & Components / Operating system package or component xen-tools Operating systems & Components / Operating system package or component xen-libs-debuginfo Operating systems & Components / Operating system package or component xen-libs-debuginfo-32bit Operating systems & Components / Operating system package or component xen-libs Operating systems & Components / Operating system package or component xen-libs-32bit Operating systems & Components / Operating system package or component xen-doc-html Operating systems & Components / Operating system package or component xen-debugsource Operating systems & Components / Operating system package or component xen Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
EUVDB-ID: #VU70589
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42309
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of a wrong pointer during the node creation in Xenstore. A malicious guest can cause xenstored to crash.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70588
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42310
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within Xenstore, which can result in orphaned nodes being created and never removed in the Xenstore database. A malicious guest can cause inconsistencies in the xenstored data base, resulting in unusual error responses or memory leaks in xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70590
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42311
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70591
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42312
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70592
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42313
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70593
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42314
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70594
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42315
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70595
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42316
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70596
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42317
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70597
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42318
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70587
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42319
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists in Xenstore due to allocated temporary memory is freed only after the request is completely finished. A malicious guest can allocate large amounts of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70586
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42320
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges.
The vulnerability exists due to improper privilege management in Xenstore. A malicious new guest domain can access resources belonging to a previous domain. The impact depends on the software in use and cal result in a denial of service, information disclosure or privilege escalation.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70585
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42321
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in Xenstore. A malicious guest can create very deep nesting levels of Xenstore nodes and perform stack exhaustion on xenstored.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70583
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42322
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70584
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42323
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70581
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42325
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.
The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70582
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42326
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.
The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 12-SP3-BCL
xen-tools-domU-debuginfo: before 4.9.4_34-3.114.1
xen-tools-domU: before 4.9.4_34-3.114.1
xen-tools-debuginfo: before 4.9.4_34-3.114.1
xen-tools: before 4.9.4_34-3.114.1
xen-libs-debuginfo: before 4.9.4_34-3.114.1
xen-libs-debuginfo-32bit: before 4.9.4_34-3.114.1
xen-libs: before 4.9.4_34-3.114.1
xen-libs-32bit: before 4.9.4_34-3.114.1
xen-doc-html: before 4.9.4_34-3.114.1
xen-debugsource: before 4.9.4_34-3.114.1
xen: before 4.9.4_34-3.114.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20223960-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.