Main Vulnerability Database Vulnerabilities #VU40574

Resource management error in Xen - CVE-2015-8341

Published: December 17, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40574

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-8341

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

How to mitigate CVE-2015-8341

Install update from vendor's website.

Sources

http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://security.gentoo.org/glsa/201604-03

Resource management error in Xen - CVE-2015-8341

Detailed vulnerability description

How to mitigate CVE-2015-8341

Sources

Please verify you're human