CVE-2015-8341

HIGH

Description

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

References

http://www.debian.org/security/2016/dsa-3519

http://www.securitytracker.com/id/1034389

http://xenbits.xen.org/xsa/advisory-160.html

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2015-12-17

Updated: 2017-07-01

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | high |
| 90030 | Debian DSA-3519-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 89151 | Fedora 23 : xen-4.5.2-5.fc23 (2015-12a089920e) | Nessus | Fedora Local Security Checks | high |
| 89135 | Fedora 22 : xen-4.5.2-5.fc22 (2015-08e4af5a20) | Nessus | Fedora Local Security Checks | high |
| 88170 | OracleVM 3.3 : xen (OVMSA-2016-0007) | Nessus | OracleVM Local Security Checks | high |
| 88126 | openSUSE Security Update : xen (openSUSE-2016-36) | Nessus | SuSE Local Security Checks | high |
| 88125 | openSUSE Security Update : xen (openSUSE-2016-35) | Nessus | SuSE Local Security Checks | high |
| 88124 | openSUSE Security Update : xen (openSUSE-2016-34) | Nessus | SuSE Local Security Checks | high |
| 87745 | FreeBSD : xen-tools -- libxl leak of pv kernel and initrd on error (5d1d4473-b40d-11e5-9728-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 87650 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1) | Nessus | SuSE Local Security Checks | high |
| 87591 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2328-1) | Nessus | SuSE Local Security Checks | high |
| 87590 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1) | Nessus | SuSE Local Security Checks | high |
| 87588 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1) | Nessus | SuSE Local Security Checks | high |