CVE-2015-8341 - Vulnerability Details

Vendors	Products
Xen	Xen

Link	Providers
http://www.debian.org/security/2016/dsa-3519
http://www.securitytracker.com/id/1034389
http://xenbits.xen.org/xsa/advisory-160.html
https://nvd.nist.gov/vuln/detail/CVE-2015-8341
https://security.gentoo.org/glsa/201604-03
https://www.cve.org/CVERecord?id=CVE-2015-8341

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3519", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3519"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-160.html"}, {"name": "1034389", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034389"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3519"}, {"name": "http://xenbits.xen.org/xsa/advisory-160.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-160.html"}, {"name": "1034389", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034389"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.258Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3519", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3519"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-160.html"}, {"name": "1034389", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034389"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201604-03"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8341", "datePublished": "2015-12-17T19:00:00", "dateReserved": "2015-11-25T00:00:00", "dateUpdated": "2024-08-06T08:13:32.258Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-12-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-06-30T16:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : DSA-3519 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2016/dsa-3519 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://xenbits.xen.org/xsa/advisory-160.html (string)

}

2 : { »

name : 1034389 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1034389 (string)

}

3 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-8341 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : DSA-3519 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2016/dsa-3519 (string)

}

1 : { »

name : http://xenbits.xen.org/xsa/advisory-160.html (string)

refsource : CONFIRM (string)

url : http://xenbits.xen.org/xsa/advisory-160.html (string)

}

2 : { »

name : 1034389 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1034389 (string)

}

3 : { »

name : GLSA-201604-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T08:13:32.258Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : DSA-3519 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2016/dsa-3519 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://xenbits.xen.org/xsa/advisory-160.html (string)

}

2 : { »

name : 1034389 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1034389 (string)

}

3 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-8341 (string)

datePublished : 2015-12-17T19:00:00 (string)

dateReserved : 2015-11-25T00:00:00 (string)

dateUpdated : 2024-08-06T08:13:32.258Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A0C59417-493C-493A-9AB2-317F240BF387", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "37148A72-BE20-45C5-8589-2309ED84D08C", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB736B4C-325A-4B27-8C8A-15E60B8A8C82", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F30B5EF5-0AE8-420B-A103-B1B25A372F09", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBD9AD01-50B7-4951-8A73-A6CF4801A487", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "75615D84-9CA1-456C-816D-768E37B074A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7C4F-DE4C-4508-B20D-46A94B616C5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B6F7CE9-C409-4D88-9A99-B21420633F45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains."}, {"lang": "es", "value": "La librer\u00eda libxl toolstack en Xen 4.1.x hasta la versi\u00f3n 4.6.x no libera adecuadamente el mapeo de archivos utilizados como kernels y ramdisks iniciales cuando manejan m\u00faltiples dominios en el mismo proceso, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumo de memoria y disco) mediante dominios de arranque."}], "id": "CVE-2015-8341", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-17T19:59:09.730", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3519"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034389"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-160.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-160.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201604-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D532B60-C8DD-4A2F-9D05-E574D23EB754 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D83CA8B-8E49-45FA-8FAB-C15052474542 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 27537DF5-7E0F-463F-BA87-46E329EE07AC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EA4F978-9145-4FE6-B4F9-15207E52C40A (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 22A995FD-9B7F-4DF0-BECF-4B086E470F1E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 219597E2-E2D7-4647-8A7C-688B96300158 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : A0C59417-493C-493A-9AB2-317F240BF387 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 65E55950-EACA-4209-B2A1-E09026FC6006 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 47640819-FC43-49ED-8A77-728C3D7255B3 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2448537F-87AD-45C1-9FB0-7A49CA31BD76 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E36B2265-70E1-413B-A7CF-79D39E9ADCFB (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 37148A72-BE20-45C5-8589-2309ED84D08C (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : FB736B4C-325A-4B27-8C8A-15E60B8A8C82 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BF948E6A-07BE-4C7D-8A98-002E89D35F4D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C0E23B94-1726-4F63-84BB-8D83FAB156D7 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F30B5EF5-0AE8-420B-A103-B1B25A372F09 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F784EF07-DBEC-492A-A0F4-F9F7B2551A0B (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1044792C-D544-457C-9391-4F3B5BAB978D (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FBD9AD01-50B7-4951-8A73-A6CF4801A487 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 75615D84-9CA1-456C-816D-768E37B074A4 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 90CCECD0-C0F9-45A8-8699-64428637EBCA (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F0ED340C-6746-471E-9F2D-19D62D224B7A (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 99BD7C4F-DE4C-4508-B20D-46A94B616C5B (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B6F7CE9-C409-4D88-9A99-B21420633F45 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. (string)

}

1 : { »

lang : es (string)

value : La librería libxl toolstack en Xen 4.1.x hasta la versión 4.6.x no libera adecuadamente el mapeo de archivos utilizados como kernels y ramdisks iniciales cuando manejan múltiples dominios en el mismo proceso, lo que permite a atacantes causar una denegación de servicio (consumo de memoria y disco) mediante dominios de arranque. (string)

}

]

id : CVE-2015-8341 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.8 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-12-17T19:59:09.730 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2016/dsa-3519 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id/1034389 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-160.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2016/dsa-3519 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1034389 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-160.html (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-399 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges George Dunlap (Citrix) as the original reporter.", "bugzilla": {"description": "xen: libxl leak of PV kernel can cause OOM condition", "id": "1284933", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284933"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "status": "draft"}, "cwe": "CWE-400", "details": ["The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains."], "name": "CVE-2015-8341", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8341\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8341\nhttp://xenbits.xen.org/xsa/advisory-160.html"], "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges George Dunlap (Citrix) as the original reporter. (string)

bugzilla : { »

description : xen: libxl leak of PV kernel can cause OOM condition (string)

id : 1284933 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1284933 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.9 (string)

cvss_scoring_vector : AV:N/AC:H/Au:S/C:N/I:N/A:C (string)

status : draft (string)

}

cwe : CWE-400 (string)

details : [ »

0 : The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. (string)

]

name : CVE-2015-8341 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : xen (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2015-12-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-8341 https://nvd.nist.gov/vuln/detail/CVE-2015-8341 http://xenbits.xen.org/xsa/advisory-160.html (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object