PT-2015-2907 · Xen+1 · Xen+1

George Dunlap

Published

2015-12-08

Updated

2024-06-15

CVE-2015-8341

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Xen versions 4.1.x through 4.6.x

Description The issue is related to the libxl toolstack library in Xen, which does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process. This allows attackers to cause a denial of service by consuming memory and disk space through starting domains.

Recommendations For Xen versions 4.1.x through 4.6.x, consider restricting the management of multiple domains in the same process to minimize the risk of exploitation. As a temporary workaround, consider limiting the number of domains that can be started in the same process until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2016-00004

CVE-2015-8341

DSA-3519-1

OPENSUSE-SU-2016_0123-1

OPENSUSE-SU-2016_0124-1

OPENSUSE-SU-2016_0126-1

OPENSUSE-SU-2024:10196-1

SUSE-SU-2015:2324-1

SUSE-SU-2015:2326-1

SUSE-SU-2015:2328-1

SUSE-SU-2015:2338-1

Affected Products

Suse

Xen

PT-2015-2907 · Xen+1 · Xen+1

CVE-2015-8341

Weakness Enumeration

Related Identifiers

Affected Products

References · 206