CVE-2015-8341

Description

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

How to fix CVE-2015-8341

To remediate CVE-2015-8341, upgrade the affected package to a fixed version below.

• Debian/xen—upgrade to 4.8.0~rc3-1 or later

Is CVE-2015-8341 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.8.0~rc3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-8341