CVE-2015-8339

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2015-8339 DLA-479-1 DSA-3519-1 MGASA-2016-0098 OPENSUSE-SU-2024:10196-1 SUSE-SU-2015:2306-1

Modified

Published: 17 Dec 2015, 19:00

Last modified:06 Aug 2024, 08:13

Vulnerability Summary

Overall Risk (default)

low

19/100

CVSS Score

4.7 MEDIUM

v2.0 (nvd)

EPSS Score

0.1% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Dec 2015, 19:00

Published

Vulnerability first disclosed

06 Aug 2024, 08:13

Last Modified

Vulnerability information updated

Description

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.

CVSS Metrics

v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Techniques & Countermeasures

CWE-19•Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

Affected Systems

xen•xen
3.2.0 | 3.2.1 | 3.2.2 | 3.2.3 | 3.3.0 | 3.3.1 | 3.3.2 | 3.4.0 | 3.4.1 | 3.4.2 | 3.4.3 | 3.4.4 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.2.4 | 4.2.5 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.5.0 | 4.5.1 | 4.5.2 | 4.6.0