CVE-2015-0361Use After Free in XEN

CWE-416Use After Free9 documents7 sources
Severity
7.8HIGHNVD
EPSS
1.5%
top 18.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENOpensuse
Timeline
PublishedJan 7
Latest updateMay 14

Description

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

debiandebian/xen< xen 4.4.1-7 (bookworm)
Debianxen/xen< 4.4.1-7+3
NVDxen/xen12 versions+11
NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

2
GHSA
GHSA-f69m-xh7g-gr6j: Use-after-free vulnerability in Xen 42022-05-14
OSV
CVE-2015-0361: Use-after-free vulnerability in Xen 42015-01-07

📋Vendor Advisories

2
Red Hat
kernel: xen crash due to use after free on hvm guest teardown (xsa116)2015-01-06
Debian
CVE-2015-0361: xen - Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domain...2015

🕵️Threat Intelligence

2
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17

💬Community

2
Bugzilla
CVE-2015-0361 xen: kernel: xen crash due to use after free on hvm guest teardown (xsa116) [fedora-all]2015-01-06
Bugzilla
CVE-2015-0361 kernel: xen crash due to use after free on hvm guest teardown (xsa116)2014-12-19