CVE-2015-8341

NameCVE-2015-8341
DescriptionThe libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-3519-1
NVD severityhigh (attack range: remote)
Debian Bugs823620

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)jessie (security), jessie4.4.1-9+deb8u10fixed
stretch (security)4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7fixed
buster, stretch, sid4.8.3+comet2+shim4.10.0+comet3-1+deb9u5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.8.0~rc3-1high823620
xensourcejessie4.4.1-9+deb8u4highDSA-3519-1
xensourcesqueeze(unfixed)end-of-life

Notes

[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
http://xenbits.xen.org/xsa/advisory-160.html

Search for package or bug name: Reporting problems