PT-2015-2907 · Xen+1 · Xen+1

George Dunlap

Publicado

2015-12-08

Atualizado

2024-06-15

CVE-2015-8341

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Xen versions 4.1.x through 4.6.x

Description The issue is related to the libxl toolstack library in Xen, which does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process. This allows attackers to cause a denial of service by consuming memory and disk space through starting domains.

Recommendations For Xen versions 4.1.x through 4.6.x, consider restricting the management of multiple domains in the same process to minimize the risk of exploitation. As a temporary workaround, consider limiting the number of domains that can be started in the same process until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

BDU:2016-00004

CVE-2015-8341

DSA-3519-1

OPENSUSE-SU-2016_0123-1

OPENSUSE-SU-2016_0124-1

OPENSUSE-SU-2016_0126-1

OPENSUSE-SU-2024:10196-1

SUSE-SU-2015:2324-1

SUSE-SU-2015:2326-1

SUSE-SU-2015:2328-1

SUSE-SU-2015:2338-1

Produtos afetados

Suse

Xen

PT-2015-2907 · Xen+1 · Xen+1

CVE-2015-8341

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 206