Moderate

CVE-2015-8339 - Data Handling vulnerability in XEN

Publication: 2015-12-17
Summary

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.

Classification
CWE-19: Data Handling

Risk level (CVSS 4.7)

Moderate

4.7

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • XEN XEN 3.2.0
  • XEN XEN 3.2.1
  • XEN XEN 3.2.2
  • XEN XEN 3.2.3
  • XEN XEN 3.3.0
  • XEN XEN 3.3.1
  • XEN XEN 3.3.2
  • XEN XEN 3.4.0
  • XEN XEN 3.4.1
  • XEN XEN 3.4.2
  • XEN XEN 3.4.3
  • XEN XEN 3.4.4
  • XEN XEN 4.0.0
  • XEN XEN 4.0.1
  • XEN XEN 4.0.2
  • XEN XEN 4.0.3
  • XEN XEN 4.0.4
  • XEN XEN 4.1.0
  • XEN XEN 4.1.1
  • XEN XEN 4.1.2
  • XEN XEN 4.1.3
  • XEN XEN 4.1.4
  • XEN XEN 4.1.5
  • XEN XEN 4.1.6
  • XEN XEN 4.1.6.1
  • XEN XEN 4.2.0
  • XEN XEN 4.2.1
  • XEN XEN 4.2.2
  • XEN XEN 4.2.3
  • XEN XEN 4.2.4
  • XEN XEN 4.2.5
  • XEN XEN 4.3.0
  • XEN XEN 4.3.1
  • XEN XEN 4.3.2
  • XEN XEN 4.3.3
  • XEN XEN 4.3.4
  • XEN XEN 4.4.0
  • XEN XEN 4.4.1
  • XEN XEN 4.4.2
  • XEN XEN 4.4.3
  • XEN XEN 4.5.0
  • XEN XEN 4.5.1
  • XEN XEN 4.5.2
  • XEN XEN 4.6.0

References