Vulnerabilites related to xen - xapi
cve-2022-33749
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-413.html"
},
{
"name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xapi",
"vendor": "Xapi",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-413"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors."
}
],
"metrics": [
{
"other": {
"content": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker is capable of blocking connections to the XAPI HTTP\ninterface, and also interrupt ongoing operations, causing a XAPI\ntoolstack Denial of Service. Such DoS would also affect any guests\nthat require toolstack actions."
}
]
}
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unknown",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:07:28.154896",
"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"shortName": "XEN"
},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-413.html"
},
{
"name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"assignerShortName": "XEN",
"cveId": "CVE-2022-33749",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29487
Vulnerability from cvelistv5
Published
2020-12-15 17:30
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://xenbits.xenproject.org/xsa/advisory-354.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-30 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html"
},
{
"name": "GLSA-202107-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0\u0027s configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T04:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html"
},
{
"name": "GLSA-202107-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0\u0027s configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-354.html",
"refsource": "MISC",
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html"
},
{
"name": "GLSA-202107-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29487",
"datePublished": "2020-12-15T17:30:55",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-08-04T16:55:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-12-15 18:15
Modified
2024-11-21 05:24
Severity ?
Summary
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gentoo.org/glsa/202107-30 | Third Party Advisory | |
| cve@mitre.org | https://xenbits.xenproject.org/xsa/advisory-354.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-30 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xenproject.org/xsa/advisory-354.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E60C15D4-5A84-4767-A567-E02FEBCB60EC",
"versionEndExcluding": "2020-12-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0\u0027s configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen XAPI antes del 15/12/2020. Determinadas claves de xenstore proporcionan comentarios del invitado y, por lo tanto, son supervisadas por toolstack. Espec\u00edficamente, las claves son supervisadas por xenopsd y los datos son reenviados por medio de RPC mediante message-switch hacia xapi. La l\u00f3gica de observaci\u00f3n en xenopsd env\u00eda una actualizaci\u00f3n RPC que contiene todos los datos, cada vez que una sola clave de xenstore es actualizada y, por lo tanto, presenta una complejidad de tiempo O(N^2). Adem\u00e1s, message-switch conserva los mensajes RPC recientes (actualmente 128) con prop\u00f3sitos de diagn\u00f3stico, lo que genera una complejidad de espacio O(M*N). La cantidad de memoria que un solo invitado puede monopolizar est\u00e1 limitada por la cuota almacenada en xen, pero la cuota es bastante grande. Se cree que supera 1G por invitado malicioso. En la pr\u00e1ctica, esto se manifiesta como una denegaci\u00f3n de servicio del host, ya sea a trav\u00e9s de message-switch contra el intercambio, o mediante OOM por completo, dependiendo de la configuraci\u00f3n de dom0. (No existen cuotas en xenopsd para limitar la cantidad de claves que resultan en tr\u00e1fico RPC.) Un invitado con errores o malicioso puede causar un uso de memoria irrazonable en dom0, resultando en una denegaci\u00f3n de servicio del host. Todas las versiones de XAPI son vulnerables. Los sistemas que no est\u00e1n usando la toolstack de XAPI no son vulnerables"
}
],
"id": "CVE-2020-29487",
"lastModified": "2024-11-21T05:24:05.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T18:15:15.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-30"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-11 13:15
Modified
2024-11-21 07:08
Severity ?
Summary
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@xen.org | http://www.openwall.com/lists/oss-security/2022/10/11/4 | Mailing List, Patch, Third Party Advisory | |
| security@xen.org | http://xenbits.xen.org/xsa/advisory-413.html | Patch, Vendor Advisory | |
| security@xen.org | https://security.gentoo.org/glsa/202402-07 | ||
| security@xen.org | https://xenbits.xenproject.org/xsa/advisory-413.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/10/11/4 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://xenbits.xen.org/xsa/advisory-413.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202402-07 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xenproject.org/xsa/advisory-413.txt | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5FE9BB-705E-4705-BF39-B671ECD8AAD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors."
},
{
"lang": "es",
"value": "Es posible que un cliente no autenticado en la red cause que XAPI alcance su l\u00edmite de descriptores de archivo. Esto causa que XAPI no pueda aceptar nuevas peticiones de otros clientes (confiables), y bloquea a XAPI de llevar a cabo cualquier tarea que requiera la apertura de descriptores de archivo"
}
],
"id": "CVE-2022-33749",
"lastModified": "2024-11-21T07:08:27.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-11T13:15:10.193",
"references": [
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"
},
{
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-413.html"
},
{
"source": "security@xen.org",
"url": "https://security.gentoo.org/glsa/202402-07"
},
{
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-413.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202402-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"
}
],
"sourceIdentifier": "security@xen.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}