CVE-2022-42330
HIGH
Xen - Denial of Service via XS_RELEASE Xenstore Operation
Title source: llm
Description
Guests can cause Xenstore crash via soft reset.
When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.
References (3)
Core References
Various Sources
http://xenbits.xen.org/xsa/advisory-425.html
Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-425.txt
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
xen/xen
4.17.0
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026