CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.2.4
xenxen
4.2.5
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.4.0
xenxen
4.4.1
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
squeeze
not-affected
trixie
4.17.3+36-g54dacb5c02-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
lucid
dne
precise
not-affected
trusty
Fixed 4.4.1-0ubuntu0.14.04.4
released
utopic
Fixed 4.4.1-0ubuntu0.14.10.4
released
xen-3.3
lucid
not-affected
precise
dne
trusty
dne
utopic
dne
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148103.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148241.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://www.securityfocus.com/bid/71882
http://www.securitytracker.com/id/1031498
http://xenbits.xen.org/xsa/advisory-116.html
https://security.gentoo.org/glsa/201504-04
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148103.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148241.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
http://www.securityfocus.com/bid/71882
http://www.securitytracker.com/id/1031498
http://xenbits.xen.org/xsa/advisory-116.html
https://security.gentoo.org/glsa/201504-04