CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.2.4
xenxen
4.2.5
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
wheezy
no-dsa
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
wily
Fixed 4.5.1-0ubuntu1.2
released
vivid
Fixed 4.5.0-1ubuntu4.4
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.4
released
precise
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://security.gentoo.org/glsa/201604-03
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://security.gentoo.org/glsa/201604-03