CVE-2015-8341

Xen 4.1.x-4.6.x - Denial of Service via libxl Toolstack Library

Description

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3519
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-160.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034389
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201604-03

Scores

EPSS 0.0054
EPSS Percentile 67.8%

Details

CWE
CWE-399
Status published
Products (27)
xen/xen 4.1.0
xen/xen 4.1.1
xen/xen 4.1.2
xen/xen 4.1.3
xen/xen 4.1.4
xen/xen 4.1.5
xen/xen 4.1.6
xen/xen 4.1.6.1
xen/xen 4.2.0
xen/xen 4.2.1
... and 17 more
Published Dec 17, 2015
Tracked Since Feb 18, 2026