Main Vulnerability Database Vulnerabilities #VU70468

#VU70468 Input validation error in Xen - CVE-2022-3643

Published: December 21, 2022

Vulnerability identifier: #VU70468

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green

CVE-ID: CVE-2022-3643

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of network packets. An attacker with access to the guest OS can trigger the related physical NIC on the host to reset, abort, or crash by sending certain kinds of packets.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xenproject.org/xsa/advisory-423.txt
http://www.openwall.com/lists/oss-security/2022/12/07/2

#VU70468 Input validation error in Xen - CVE-2022-3643

Description

Remediation

External links

Please verify you're human