CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	4.1.0 (including)	4.1.0 (including)
Xen	Xen	4.1.1 (including)	4.1.1 (including)
Xen	Xen	4.1.2 (including)	4.1.2 (including)
Xen	Xen	4.1.3 (including)	4.1.3 (including)
Xen	Xen	4.1.4 (including)	4.1.4 (including)
Xen	Xen	4.1.5 (including)	4.1.5 (including)
Xen	Xen	4.1.6 (including)	4.1.6 (including)
Xen	Xen	4.1.6.1 (including)	4.1.6.1 (including)
Xen	Xen	4.2.0 (including)	4.2.0 (including)
Xen	Xen	4.2.1 (including)	4.2.1 (including)
Xen	Xen	4.2.2 (including)	4.2.2 (including)
Xen	Xen	4.2.3 (including)	4.2.3 (including)
Xen	Xen	4.2.4 (including)	4.2.4 (including)
Xen	Xen	4.2.5 (including)	4.2.5 (including)
Xen	Xen	4.3.0 (including)	4.3.0 (including)
Xen	Xen	4.3.1 (including)	4.3.1 (including)
Xen	Xen	4.3.2 (including)	4.3.2 (including)
Xen	Xen	4.3.3 (including)	4.3.3 (including)
Xen	Xen	4.3.4 (including)	4.3.4 (including)
Xen	Xen	4.4.0 (including)	4.4.0 (including)
Xen	Xen	4.4.1 (including)	4.4.1 (including)
Xen	Xen	4.4.2 (including)	4.4.2 (including)
Xen	Xen	4.4.3 (including)	4.4.3 (including)
Xen	Xen	4.5.0 (including)	4.5.0 (including)
Xen	Xen	4.5.1 (including)	4.5.1 (including)
Xen	Xen	4.5.2 (including)	4.5.2 (including)
Xen	Xen	4.6.0 (including)	4.6.0 (including)
Xen	Ubuntu	devel	*
Xen	Ubuntu	trusty	*
Xen	Ubuntu	upstream	*
Xen	Ubuntu	vivid	*
Xen	Ubuntu	wily	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-8341
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References