CVE-2015-8341

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2015-8341 DSA-3519-1 OPENSUSE-SU-2024:10196-1 SUSE-SU-2015:2324-1 SUSE-SU-2015:2326-1 SUSE-SU-2015:2328-1

Modified

Published: 17 Dec 2015, 19:00

Last modified:06 Aug 2024, 08:13

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v2.0 (nvd)

EPSS Score

0.54% LOW

1% probability -0.19%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Dec 2015, 19:00

Published

Vulnerability first disclosed

06 Aug 2024, 08:13

Last Modified

Vulnerability information updated

Description

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

CVSS Metrics

v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.54%• Percentile: 68%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

xen•xen
4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.2.4 | 4.2.5 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.5.0 | 4.5.1 | 4.5.2 | 4.6.0