CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://xenbits.xen.org/xsa/advisory-160.html	Vendor Advisory
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
https://security.gentoo.org/glsa/201604-03

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen:4.1.1:::::::*
	cpe:2.3:o:xen:xen:4.1.2:::::::*
	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.2.3:::::::*
	cpe:2.3:o:xen:xen:4.3.4:::::::*
	cpe:2.3:o:xen:xen:4.4.0:::::::*
	cpe:2.3:o:xen:xen:4.6.0:::::::*
	cpe:2.3:o:xen:xen:4.1.3:::::::*
	cpe:2.3:o:xen:xen:4.1.4:::::::*
	cpe:2.3:o:xen:xen:4.2.4:::::::*
	cpe:2.3:o:xen:xen:4.2.5:::::::*
	cpe:2.3:o:xen:xen:4.3.2:::::::*
	cpe:2.3:o:xen:xen:4.1.5:::::::*
	cpe:2.3:o:xen:xen:4.2.2:::::::*
	cpe:2.3:o:xen:xen:4.3.3:::::::*
	cpe:2.3:o:xen:xen:4.3.0:::::::*
	cpe:2.3:o:xen:xen:4.5.2:::::::*
	cpe:2.3:o:xen:xen:4.4.2:::::::*
	cpe:2.3:o:xen:xen:4.4.3:::::::*
	cpe:2.3:o:xen:xen:4.1.0:::::::*
	cpe:2.3:o:xen:xen:4.1.6:::::::*
	cpe:2.3:o:xen:xen:4.1.6.1:::::::*
	cpe:2.3:o:xen:xen:4.5.1:::::::*
	cpe:2.3:o:xen:xen:4.4.1:::::::*
	cpe:2.3:o:xen:xen:4.3.1:::::::*
	cpe:2.3:o:xen:xen:4.2.1:::::::*
	cpe:2.3:o:xen:xen:4.5.0:::::::*

Information

Published : 2015-12-17 11:59

Updated : 2017-06-30 18:29

NVD link : CVE-2015-8341

Mitre link : CVE-2015-8341

JSON object : View

CWE

CWE-399

Resource Management Errors

Advertisement

Products Affected

xen

xen

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://xenbits.xen.org/xsa/advisory-160.html", "name": "http://xenbits.xen.org/xsa/advisory-160.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2016/dsa-3519", "name": "DSA-3519", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.securitytracker.com/id/1034389", "name": "1034389", "tags": [], "refsource": "SECTRACK"}, {"url": "https://security.gentoo.org/glsa/201604-03", "name": "GLSA-201604-03", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-8341", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-12-17T19:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-01T01:29Z"}