Bug 1204482 - (CVE-2022-42311) VUL-0: CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (XSA-326)
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/345729/
CVSSv3.1:SUSE:CVE-2022-42311:6.0:(AV:...
Reported: 2022-10-19 09:30 UTC by Carlos López
Modified: 2022-12-06 17:22 UTC (History)
Attachments
Attached patches (293.51 KB, application/zip), 2022-10-19 09:30 UTC, Carlos López
Attached patches v2 (293.55 KB, application/zip), 2022-10-24 10:31 UTC, Carlos López
Attached patches v3 (293.18 KB, application/zip), 2022-10-27 15:05 UTC, Carlos López

Description Carlos López 2022-10-19 09:30:27 UTC
Created attachment 862263 [details]
Attached patches

 Xen Security Advisory CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318 / XSA-326

         Xenstore: guests can let run xenstored out of memory

              *** EMBARGOED UNTIL 2022-11-01 12:00 UTC ***

ISSUE DESCRIPTION
=================

Malicious guests can cause xenstored to allocate vast amounts of memory,
eventually resulting in a Denial of Service (DoS) of xenstored.

There are multiple ways how guests can cause large memory allocations
in xenstored:

- by issuing new requests to xenstored without reading the responses,
  causing the responses to be buffered in memory

- by causing a large number of watch events to be generated via setting up
  multiple xenstore watches and then e.g. deleting many xenstore nodes
  below the watched path

- by creating as many nodes as allowed with the maximum allowed size and
  path length in as many transactions as possible

- by accessing many nodes inside a transaction

IMPACT
======

Unprivileged guests can cause a DoS of xenstored, resulting in the
inability to create new guests or modify the configuration of running
guests.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

Both Xenstore implementations (C and Ocaml) are vulnerable.

MITIGATION
==========

There is no mitigation available.

RESOLUTION
==========

Applying the appropriate attached patches resolves this issue.

Note that the final oxenstored patch (7 or 8, as applicable) is limiting
the security support for oxenstored to trusted driver domains only.

C xenstored Patches 15 and 16 are not part of the XSA, but are useful
for administrators to change current xenstored quota settings and to
audit per-guest resource usage in xenstored.

Note that the patches are based on top of the patches for XSA-414 and
XSA-415. There is a subtle dependency on XSA-419, which can't be resolved
easily, so the patches of XSA-326 should always be applied together with
those of XSA-419.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa326/xsa326-xenstored-??.patch           xen-unstable
xsa326/xsa326-oxenstored-??.patch          xen-unstable
xsa326/xsa326-4.16-xenstored-??.patch      Xen 4.16.x
xsa326/xsa326-4.16-oxenstored-??.patch     Xen 4.16.x
xsa326/xsa326-4.15-xenstored-??.patch      Xen 4.15.x
xsa326/xsa326-4.15-oxenstored-??.patch     Xen 4.15.x
xsa326/xsa326-4.14-xenstored-??.patch      Xen 4.14.x
xsa326/xsa326-4.14-oxenstored-??.patch     Xen 4.14.x
xsa326/xsa326-4.13-xenstored-??.patch      Xen 4.13.x
xsa326/xsa326-4.13-oxenstored-??.patch     Xen 4.13.x

$ sha256sum xsa326* xsa326*/*

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
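Added example, not part of the advisory and not code from the XSA-326 patches: a simplified C model of the first item in the issue description, where a guest keeps issuing requests without reading the responses. All names (struct conn, out_quota, the simulate_* functions) and the workload figures are hypothetical; the model assumes a deferred request costs the daemon no memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of one guest connection to a store daemon.
 * All names are hypothetical; this is not xenstored code. */
struct conn {
    size_t out_buffered;    /* response bytes queued, not yet read by the guest */
    size_t out_quota;       /* cap on out_buffered; 0 models "no cap" */
    size_t peak;            /* high-water mark of out_buffered */
    unsigned long handled;  /* requests answered */
    unsigned long deferred; /* requests refused for now */
};

static void conn_init(struct conn *c, size_t quota)
{
    c->out_buffered = 0;
    c->out_quota = quota;
    c->peak = 0;
    c->handled = 0;
    c->deferred = 0;
}

/* Process one request whose reply is resp_len bytes long.
 * Returns false when the connection already holds out_quota or more
 * unread bytes: the request is not processed, so nothing is allocated
 * for it (model assumption). Checking before queuing means the buffer
 * can overshoot the quota by at most one reply, and a single reply
 * larger than the quota can still be delivered (no deadlock). */
static bool conn_handle_request(struct conn *c, size_t resp_len)
{
    if (c->out_quota != 0 && c->out_buffered >= c->out_quota) {
        c->deferred++;
        return false;
    }
    c->out_buffered += resp_len;
    if (c->out_buffered > c->peak)
        c->peak = c->out_buffered;
    c->handled++;
    return true;
}

/* The guest reads up to n bytes of queued replies; returns bytes freed. */
static size_t conn_guest_read(struct conn *c, size_t n)
{
    size_t freed = n < c->out_buffered ? n : c->out_buffered;

    c->out_buffered -= freed;
    return freed;
}

/* Constructed workload: the guest sends `requests` requests and never
 * reads a reply. Returns the peak number of bytes the daemon held. */
static size_t simulate_flood(size_t quota, unsigned long requests,
                             size_t resp_len)
{
    struct conn c;

    conn_init(&c, quota);
    for (unsigned long i = 0; i < requests; i++)
        conn_handle_request(&c, resp_len);
    return c.peak;
}

/* Constructed workload: a well-behaved guest reads each reply before
 * sending the next request. Returns how many requests were deferred. */
static unsigned long simulate_polite(size_t quota, unsigned long requests,
                                     size_t resp_len)
{
    struct conn c;

    conn_init(&c, quota);
    for (unsigned long i = 0; i < requests; i++) {
        conn_handle_request(&c, resp_len);
        conn_guest_read(&c, resp_len);
    }
    return c.deferred;
}

int main(void)
{
    printf("no cap, 10000 unread replies: peak %zu bytes\n",
           simulate_flood(0, 10000, 4096));
    printf("64 KiB cap, same workload:    peak %zu bytes\n",
           simulate_flood(65536, 10000, 4096));
    printf("64 KiB cap, polite guest:     %lu deferred\n",
           simulate_polite(65536, 10000, 4096));
    return 0;
}
```

Without a cap the memory held grows linearly with the number of unread replies; with one it stays within the quota plus a single reply, and a guest that reads its replies is never deferred.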
Comment 3 Carlos López 2022-10-24 10:31:51 UTC
Created attachment 862382 [details]
Attached patches v2

 Xen Security Advisory CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318 / XSA-326
                                                                        version 2

         Xenstore: guests can let run xenstored out of memory

              *** EMBARGOED UNTIL 2022-11-01 12:00 UTC ***

UPDATES IN VERSION 2
====================

Correction to oxenstored-02.patch in all releases, to avoid growing an
internal list on error replies.

ISSUE DESCRIPTION
=================

Malicious guests can cause xenstored to allocate vast amounts of memory,
eventually resulting in a Denial of Service (DoS) of xenstored.

There are multiple ways how guests can cause large memory allocations
in xenstored:

- by issuing new requests to xenstored without reading the responses,
  causing the responses to be buffered in memory

- by causing a large number of watch events to be generated via setting up
  multiple xenstore watches and then e.g. deleting many xenstore nodes
  below the watched path

- by creating as many nodes as allowed with the maximum allowed size and
  path length in as many transactions as possible

- by accessing many nodes inside a transaction

IMPACT
======

Unprivileged guests can cause a DoS of xenstored, resulting in the
inability to create new guests or modify the configuration of running
guests.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

Both Xenstore implementations (C and Ocaml) are vulnerable.

MITIGATION
==========

There is no mitigation available.

RESOLUTION
==========

Applying the appropriate attached patches resolves this issue.

Note that the final oxenstored patch (7 or 8, as applicable) is limiting
the security support for oxenstored to trusted driver domains only.

C xenstored Patches 15 and 16 are not part of the XSA, but are useful
for administrators to change current xenstored quota settings and to
audit per-guest resource usage in xenstored.

Note that the patches are based on top of the patches for XSA-414 and
XSA-415. There is a subtle dependency on XSA-419, which can't be resolved
easily, so the patches of XSA-326 should always be applied together with
those of XSA-419.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa326/xsa326-xenstored-??.patch           xen-unstable
xsa326/xsa326-oxenstored-??.patch          xen-unstable
xsa326/xsa326-4.16-xenstored-??.patch      Xen 4.16.x
xsa326/xsa326-4.16-oxenstored-??.patch     Xen 4.16.x
xsa326/xsa326-4.15-xenstored-??.patch      Xen 4.15.x
xsa326/xsa326-4.15-oxenstored-??.patch     Xen 4.15.x
xsa326/xsa326-4.14-xenstored-??.patch      Xen 4.14.x
xsa326/xsa326-4.14-oxenstored-??.patch     Xen 4.14.x
xsa326/xsa326-4.13-xenstored-??.patch      Xen 4.13.x
xsa326/xsa326-4.13-oxenstored-??.patch     Xen 4.13.x

$ sha256sum xsa326* xsa326*/*

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
Comment 4 Carlos López 2022-10-27 15:05:52 UTC
Created attachment 862500 [details]
Attached patches v3

 Xen Security Advisory CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318 / XSA-326
                                                                        version 3

         Xenstore: guests can let run xenstored out of memory

              *** EMBARGOED UNTIL 2022-11-01 12:00 UTC ***

UPDATES IN VERSION 3
====================

Update of xsa326-4.13-xenstored-10.patch and xsa326-4.14-xenstored-10.patch
for fixing a backport error.

ISSUE DESCRIPTION
=================

Malicious guests can cause xenstored to allocate vast amounts of memory,
eventually resulting in a Denial of Service (DoS) of xenstored.

There are multiple ways how guests can cause large memory allocations
in xenstored:

- by issuing new requests to xenstored without reading the responses,
  causing the responses to be buffered in memory

- by causing a large number of watch events to be generated via setting up
  multiple xenstore watches and then e.g. deleting many xenstore nodes
  below the watched path

- by creating as many nodes as allowed with the maximum allowed size and
  path length in as many transactions as possible

- by accessing many nodes inside a transaction

IMPACT
======

Unprivileged guests can cause a DoS of xenstored, resulting in the
inability to create new guests or modify the configuration of running
guests.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

Both Xenstore implementations (C and Ocaml) are vulnerable.

MITIGATION
==========

There is no mitigation available.

RESOLUTION
==========

Applying the appropriate attached patches resolves this issue.

Note that the final oxenstored patch (7 or 8, as applicable) is limiting
the security support for oxenstored to trusted driver domains only.

C xenstored Patches 15 and 16 are not part of the XSA, but are useful
for administrators to change current xenstored quota settings and to
audit per-guest resource usage in xenstored.

Note that the patches are based on top of the patches for XSA-414 and
XSA-415. There is a subtle dependency on XSA-419, which can't be resolved
easily, so the patches of XSA-326 should always be applied together with
those of XSA-419.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa326/xsa326-xenstored-??.patch           xen-unstable
xsa326/xsa326-oxenstored-??.patch          xen-unstable
xsa326/xsa326-4.16-xenstored-??.patch      Xen 4.16.x
xsa326/xsa326-4.16-oxenstored-??.patch     Xen 4.16.x
xsa326/xsa326-4.15-xenstored-??.patch      Xen 4.15.x
xsa326/xsa326-4.15-oxenstored-??.patch     Xen 4.15.x
xsa326/xsa326-4.14-xenstored-??.patch      Xen 4.14.x
xsa326/xsa326-4.14-oxenstored-??.patch     Xen 4.14.x
xsa326/xsa326-4.13-xenstored-??.patch      Xen 4.13.x
xsa326/xsa326-4.13-oxenstored-??.patch     Xen 4.13.x

$ sha256sum xsa326* xsa326*/*

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
Comment 6 Charles Arnold 2022-10-28 19:35:55 UTC
Submitted.
Comment 8 Marcus Meissner 2022-11-02 12:13:02 UTC
is public

https://xenbits.xen.org/xsa/advisory-326.html

 Xen Security Advisory CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318 / XSA-326
                                                                        version 4

         Xenstore: guests can let run xenstored out of memory

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

Malicious guests can cause xenstored to allocate vast amounts of memory,
eventually resulting in a Denial of Service (DoS) of xenstored.

There are multiple ways how guests can cause large memory allocations
in xenstored:

- by issuing new requests to xenstored without reading the responses,
  causing the responses to be buffered in memory

- by causing a large number of watch events to be generated via setting up
  multiple xenstore watches and then e.g. deleting many xenstore nodes
  below the watched path

- by creating as many nodes as allowed with the maximum allowed size and
  path length in as many transactions as possible

- by accessing many nodes inside a transaction

IMPACT
======

Unprivileged guests can cause a DoS of xenstored, resulting in the
inability to create new guests or modify the configuration of running
guests.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

Both Xenstore implementations (C and Ocaml) are vulnerable.

MITIGATION
==========

There is no mitigation available.

CREDITS
=======

This issue was discovered by Julien Grall of Amazon.

RESOLUTION
==========

Applying the appropriate attached patches resolves this issue.

Note that the final oxenstored patch (7 or 8, as applicable) is limiting
the security support for oxenstored to trusted driver domains only.

C xenstored Patches 15 and 16 are not part of the XSA, but are useful
for administrators to change current xenstored quota settings and to
audit per-guest resource usage in xenstored.

Note that the patches are based on top of the patches for XSA-414 and
XSA-415. There is a subtle dependency on XSA-419, which can't be resolved
easily, so the patches of XSA-326 should always be applied together with
those of XSA-419.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa326/xsa326-xenstored-??.patch           xen-unstable
xsa326/xsa326-oxenstored-??.patch          xen-unstable
xsa326/xsa326-4.16-xenstored-??.patch      Xen 4.16.x
xsa326/xsa326-4.16-oxenstored-??.patch     Xen 4.16.x
xsa326/xsa326-4.15-xenstored-??.patch      Xen 4.15.x
xsa326/xsa326-4.15-oxenstored-??.patch     Xen 4.15.x
xsa326/xsa326-4.14-xenstored-??.patch      Xen 4.14.x
xsa326/xsa326-4.14-oxenstored-??.patch     Xen 4.14.x
xsa326/xsa326-4.13-xenstored-??.patch      Xen 4.13.x
xsa326/xsa326-4.13-oxenstored-??.patch     Xen 4.13.x
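
The first item in the ISSUE DESCRIPTION above (requests issued without reading the responses) comes down to a per-connection output queue with no upper bound. The C model below is an added example, not code from the XSA-326 patches or from xenstored; the structure and function names and the 4096-byte quota are assumptions. It compares the peak memory held for one non-reading peer with and without a quota on unread response bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OUT_QUOTA 4096  /* assumed cap on unread response bytes per connection */

struct out_buf { struct out_buf *next; size_t len; char data[]; };

struct conn {
    struct out_buf *head, *tail;
    size_t queued;  /* response bytes buffered and not yet read by the peer */
    size_t quota;   /* 0 = no limit, the behaviour the advisory describes */
};

/* Backpressure: stop taking requests from a connection that does not read
 * its responses. A request that is not taken is not answered, so nothing
 * more is allocated on its behalf. */
static int conn_may_read_request(const struct conn *c)
{
    return c->quota == 0 || c->queued < c->quota;
}

/* Append one response to the connection's output queue. */
static int conn_queue_response(struct conn *c, const void *data, size_t len)
{
    struct out_buf *b = malloc(sizeof(*b) + len);

    if (!b)
        return -1;
    b->next = NULL;
    b->len = len;
    memcpy(b->data, data, len);
    if (c->tail)
        c->tail->next = b;
    else
        c->head = b;
    c->tail = b;
    c->queued += len;
    return 0;
}

/* The peer reads one whole response; returns its size (0 if none pending). */
static size_t conn_peer_read(struct conn *c)
{
    struct out_buf *b = c->head;
    size_t n;

    if (!b)
        return 0;
    n = b->len;
    c->head = b->next;
    if (!c->head)
        c->tail = NULL;
    c->queued -= n;
    free(b);
    return n;
}

/* Constructed scenario: a peer sends nreq requests and never reads.
 * Returns the peak number of response bytes held for that peer. */
static size_t flood(size_t quota, unsigned nreq, size_t resp_len)
{
    struct conn c = { .quota = quota };
    char resp[256] = { 0 };
    size_t peak = 0;
    unsigned i;

    if (resp_len > sizeof(resp))
        resp_len = sizeof(resp);
    for (i = 0; i < nreq && conn_may_read_request(&c); i++) {
        if (conn_queue_response(&c, resp, resp_len) < 0)
            break;
        if (c.queued > peak)
            peak = c.queued;
    }
    while (c.head)
        conn_peer_read(&c);  /* release the queue */
    return peak;
}

/* Returns 1 if a throttled connection is served again once the peer reads. */
static int resumes_after_drain(void)
{
    struct conn c = { .quota = OUT_QUOTA };
    char resp[64] = { 0 };
    int blocked, resumed;

    while (conn_may_read_request(&c) &&
           conn_queue_response(&c, resp, sizeof(resp)) == 0)
        ;
    blocked = !conn_may_read_request(&c);
    conn_peer_read(&c);
    resumed = conn_may_read_request(&c);
    while (c.head)
        conn_peer_read(&c);
    return blocked && resumed;
}

int main(void)
{
    printf("peak without quota %zu, with quota %zu, resumes %d\n",
           flood(0, 1000, 64), flood(OUT_QUOTA, 1000, 64),
           resumes_after_drain());
    return 0;
}
```

Because the check runs before a response is queued, the held bytes can exceed the quota by at most one response.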
Comment 9 Swamp Workflow Management 2022-11-09 17:28:23 UTC
SUSE-SU-2022:3925-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    xen-4.10.4_40-150000.3.84.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    xen-4.10.4_40-150000.3.84.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    xen-4.10.4_40-150000.3.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-11-10 14:23:38 UTC
SUSE-SU-2022:3928-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1199966,1200762,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Enterprise Storage 6 (src):    xen-4.12.4_30-150100.3.80.1
SUSE CaaS Platform 4.0 (src):    xen-4.12.4_30-150100.3.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-11-11 20:52:55 UTC
SUSE-SU-2022:3960-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xen-4.9.4_34-3.114.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-11-11 21:00:41 UTC
SUSE-SU-2022:3947-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    xen-4.14.5_08-150300.3.40.1
openSUSE Leap 15.3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Micro 5.2 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Micro 5.1 (src):    xen-4.14.5_08-150300.3.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-11-14 17:21:56 UTC
SUSE-SU-2022:3971-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1167608,1185104,1193923,1199966,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Manager Retail Branch Server 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Manager Proxy 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Enterprise Storage 7 (src):    xen-4.13.4_16-150200.3.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-11-16 11:22:47 UTC
SUSE-SU-2022:4007-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Micro 5.3 (src):    xen-4.16.2_08-150400.4.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-11-17 17:25:38 UTC
SUSE-SU-2022:4051-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1203806,1203807,1204482,1204485,1204487,1204489,1204490,1204494
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xen-4.7.6_28-43.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-11-28 14:25:08 UTC
SUSE-SU-2022:4241-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xen-4.11.4_34-2.83.1
SUSE OpenStack Cloud 9 (src):    xen-4.11.4_34-2.83.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xen-4.11.4_34-2.83.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xen-4.11.4_34-2.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-12-06 17:22:42 UTC
SUSE-SU-2022:4332-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1193923,1203806,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xen-4.12.4_30-3.82.1
SUSE Linux Enterprise Server 12-SP5 (src):    xen-4.12.4_30-3.82.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.