VYPR

xenstored

by Xen

Source repositories

CVEs (12)

  • CVE-2022-42320HigNov 1, 2022
    risk 0.46cvss 7.0epss 0.00

    Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those…

  • CVE-2022-42317MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.00

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42315MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.00

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42313MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.00

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2018-15470MedAug 17, 2018
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of…

  • CVE-2026-23555HigMar 23, 2026
    risk 0.39cvss 7.1epss 0.00

    Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored.…

  • CVE-2020-29486MedDec 15, 2020
    risk 0.39cvss 6.0epss 0.00

    An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0,…

  • CVE-2022-42323MedNov 1, 2022
    risk 0.36cvss 5.5epss 0.00

    Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be…

  • CVE-2022-42310MedNov 1, 2022
    risk 0.36cvss 5.5epss 0.00

    Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the…

  • CVE-2017-14317MedSep 12, 2017
    risk 0.36cvss 5.6epss 0.00

    A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on…

  • CVE-2026-23557MedMay 19, 2026
    risk 0.35cvss 6.5epss 0.00

    Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to…

  • CVE-2013-4416Nov 2, 2013
    risk 0.00cvss epss 0.01

    The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.