Published: 17/12/2015 Updated: 12/04/2025

The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consumption) by starting domains.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.1.4
xen xen 4.1.5
xen xen 4.1.6
xen xen 4.1.6.1
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.2.4
xen xen 4.2.5
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.3.2
xen xen 4.3.3
xen xen 4.3.4
xen xen 4.4.0
xen xen 4.4.1
xen xen 4.4.2
xen xen 4.4.3
xen xen 4.5.0
xen xen 4.5.1
xen xen 4.5.2
xen xen 4.6.0

Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure The oldstable distribution (wheezy) will be updated in a separate DSA For the stable distribution (jessie), these problems have been fixed in version 441-9+deb8u4 For the unstable distribution (sid), thes ...

Debian Bug report logs - #823620 Multiple security issues Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 6 May 2016 18:03:02 UTC Severity: grave Tags: security Fixed in versions xen/480~rc3-1, xen/48 ...

CWE-399 https://nvd.nist.gov https://www.debian.org/security/./dsa-3519 https://www.first.org/epss http://www.debian.org/security/2016/dsa-3519 http://www.securitytracker.com/id/1034389 http://xenbits.xen.org/xsa/advisory-160.html https://security.gentoo.org/glsa/201604-03 http://www.debian.org/security/2016/dsa-3519 http://www.securitytracker.com/id/1034389 http://xenbits.xen.org/xsa/advisory-160.html https://security.gentoo.org/glsa/201604-03

CVE-2015-8341

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect