Vulnerability Description
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.1.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034389
- http://xenbits.xen.org/xsa/advisory-160.htmlVendor Advisory
- https://security.gentoo.org/glsa/201604-03
- http://www.debian.org/security/2016/dsa-3519
- http://www.securitytracker.com/id/1034389
- http://xenbits.xen.org/xsa/advisory-160.htmlVendor Advisory
- https://security.gentoo.org/glsa/201604-03
FAQ
What is CVE-2015-8341?
CVE-2015-8341 is a vulnerability with a CVSS score of 7.8 (HIGH). The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows...
How severe is CVE-2015-8341?
CVE-2015-8341 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8341?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.