UBUNTU-CVE-2015-8338

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2015-8338

Published: 17 Dec 2015, 19:59

Last modified:22 Apr 2026, 10:20

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Dec 2015, 19:59

Published

Vulnerability first disclosed

22 Apr 2026, 10:20

Last Modified

Vulnerability information updated

Description

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Affected Systems

ubuntu•xen
< 4.4.2-0ubuntu0.14.04.4

References (3)

https://ubuntu.com/security/CVE-2015-8338
http://xenbits.xen.org/xsa/advisory-158.html
https://www.cve.org/CVERecord?id=CVE-2015-8338