Published: 17/12/2015 Updated: 01/07/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consumption) by starting domains.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.1.1
xen xen 4.1.2
xen xen 4.2.0
xen xen 4.2.3
xen xen 4.3.4
xen xen 4.4.0
xen xen 4.6.0
xen xen 4.1.3
xen xen 4.1.4
xen xen 4.2.4
xen xen 4.2.5
xen xen 4.4.1
xen xen 4.4.2
xen xen 4.1.0
xen xen 4.1.6.1
xen xen 4.2.2
xen xen 4.2.1
xen xen 4.3.2
xen xen 4.3.3
xen xen 4.5.1
xen xen 4.5.2
xen xen 4.1.5
xen xen 4.1.6
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.4.3
xen xen 4.5.0

Debian Bug report logs - #823620 Multiple security issues Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 6 May 2016 18:03:02 UTC Severity: grave Tags: security Fixed in versions xen/480~rc3-1, xen/48 ...

Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure The oldstable distribution (wheezy) will be updated in a separate DSA For the stable distribution (jessie), these problems have been fixed in version 441-9+deb8u4 For the unstable distribution (sid), thes ...

CWE-399 http://xenbits.xen.org/xsa/advisory-160.html http://www.debian.org/security/2016/dsa-3519 http://www.securitytracker.com/id/1034389 https://security.gentoo.org/glsa/201604-03 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620 https://www.debian.org/security/./dsa-3519

CVE-2015-8341

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect