CVE-2015-8340 — Improper Locking in XEN

CWE-17 CWE-667 — Improper Locking7 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 77.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 17

Latest updateMay 17

Description

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen44 versions+43

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-m46m-c4vg-mwcw: The memory_exchange function in common/memory↗2022-05-17

▶

OSV

CVE-2015-8340: The memory_exchange function in common/memory↗2015-12-17

▶

📋Vendor Advisories

Red Hat

xen: XENMEM_exchange error handling may cause DoS to host↗2015-12-08

▶

Debian

CVE-2015-8340: xen - The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does ...↗2015

▶

💬Community

Bugzilla

CVE-2015-8338 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 xen: various flaws [fedora-all]↗2015-12-08

▶

Bugzilla

CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host↗2015-11-24

▶