CVE-2015-8341 — Uncontrolled Resource Consumption in XEN

CWE-399 CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 17

Latest updateMay 17

Description

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen27 versions+26

🔴Vulnerability Details

GHSA

GHSA-qcgw-prmf-2x36: The libxl toolstack library in Xen 4↗2022-05-17

▶

OSV

CVE-2015-8341: The libxl toolstack library in Xen 4↗2015-12-17

▶

📋Vendor Advisories

Red Hat

xen: libxl leak of PV kernel can cause OOM condition↗2015-12-08

▶

Debian

CVE-2015-8341: xen - The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release...↗2015

▶

💬Community

Bugzilla

CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character↗2016-01-28

▶

Bugzilla

CVE-2015-8338 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 xen: various flaws [fedora-all]↗2015-12-08

▶

Bugzilla

CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition↗2015-11-24

▶