Allocation of Resources Without Limits or Throttling

Summary

Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible by accessing many nodes inside a transaction. This issue affects xen versions through RELEASE-4.13.4, 4.14.0-rc1 through RELEASE-4.14.5, 4.15.0-rc1 through RELEASE-4.15.3, 4.16.0-rc1 through RELEASE-4.16.2, and 4.17.0-rc1 through 4.17.0-rc2.