CVE-2015-8339 - Data Handling vulnerability in XEN
Summary
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
Classification
CWE-19 - Data HandlingRisk level (CVSS 4.7)
Medium
4.7
Access Vector
- Network
- Adjacent Network
- Local
Access Complexity
- Low
- Medium
- High
Authentication
- None
- Single
- Multiple
Confident. Impact
- Complete
- Partial
- None
Integrity Impact
- Complete
- Partial
- None
Affected Products
- XEN XEN 3.2.0
- XEN XEN 3.2.1
- XEN XEN 3.2.2
- XEN XEN 3.2.3
- XEN XEN 3.3.0
- XEN XEN 3.3.1
- XEN XEN 3.3.2
- XEN XEN 3.4.0
- XEN XEN 3.4.1
- XEN XEN 3.4.2
- XEN XEN 3.4.3
- XEN XEN 3.4.4
- XEN XEN 4.0.0
- XEN XEN 4.0.1
- XEN XEN 4.0.2
- XEN XEN 4.0.3
- XEN XEN 4.0.4
- XEN XEN 4.1.0
- XEN XEN 4.1.1
- XEN XEN 4.1.2
- XEN XEN 4.1.3
- XEN XEN 4.1.4
- XEN XEN 4.1.5
- XEN XEN 4.1.6
- XEN XEN 4.1.6.1
- XEN XEN 4.2.0
- XEN XEN 4.2.1
- XEN XEN 4.2.2
- XEN XEN 4.2.3
- XEN XEN 4.2.4
- XEN XEN 4.2.5
- XEN XEN 4.3.0
- XEN XEN 4.3.1
- XEN XEN 4.3.2
- XEN XEN 4.3.3
- XEN XEN 4.3.4
- XEN XEN 4.4.0
- XEN XEN 4.4.1
- XEN XEN 4.4.2
- XEN XEN 4.4.3
- XEN XEN 4.5.0
- XEN XEN 4.5.1
- XEN XEN 4.5.2
- XEN XEN 4.6.0
External references
Related CVE
| Date | CVE | Title | CVSS |
|---|---|---|---|
| 2015-12-17 | CVE-2015-8341 | Resource Management Errors vulnerability in XEN | 7.8 |
| 2015-12-17 | CVE-2015-8340 | Code vulnerability in XEN | 4.7 |
| 2015-12-17 | CVE-2015-8338 | Security Features vulnerability in XEN 4.6.0 | 7.2 |