CVE-2015-7969 | Vulnerability Database | Aqua Security

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of teardowns of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	4.3.2	4.3.2
Xen	Xen	4.6.0	4.6.0
Xen	Xen	4.1.5	4.1.5
Xen	Xen	4.2.2	4.2.2
Xen	Xen	4.2.3	4.2.3
Xen	Xen	4.3.0	4.3.0
Xen	Xen	4.0.4	4.0.4
Xen	Xen	4.0.2	4.0.2
Xen	Xen	4.1.2	4.1.2
Xen	Xen	4.0.0	4.0.0
Xen	Xen	4.1.1	4.1.1
Xen	Xen	4.2.0	4.2.0
Xen	Xen	4.1.0	4.1.0
Xen	Xen	4.4.1	4.4.1
Xen	Xen	4.1.3	4.1.3
Xen	Xen	4.1.6.1	4.1.6.1
Xen	Xen	4.3.4	4.3.4
Xen	Xen	4.5.1	4.5.1
Xen	Xen	4.1.4	4.1.4
Xen	Xen	4.3.1	4.3.1
Xen	Xen	4.2.1	4.2.1
Xen	Xen	4.5.0	4.5.0
Xen	Xen	4.4.0	4.4.0
Xen	Xen	4.0.1	4.0.1
Xen	Xen	4.0.3	4.0.3

References

http://xenbits.xen.org/xsa/advisory-149.html
http://xenbits.xen.org/xsa/advisory-151.html
http://www.securityfocus.com/bid/77364
http://www.securitytracker.com/id/1034033
http://support.citrix.com/article/CTX202404
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html
http://www.debian.org/security/2015/dsa-3414
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html
https://security.gentoo.org/glsa/201604-03

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7969
CWE	https://cwe.mitre.org/data/definitions/399.html