CVE-2015-8341

EUVD-2015-8225
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.2.4
xenxen
4.2.5
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
not-affected
trusty
Fixed 4.4.2-0ubuntu0.14.04.4
released
vivid
Fixed 4.5.0-1ubuntu4.4
released
wily
Fixed 4.5.1-0ubuntu1.2
released
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://security.gentoo.org/glsa/201604-03
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://security.gentoo.org/glsa/201604-03