vulnerability
FreeBSD: VID-bcad3faa-b40c-11e5-9728-002590263bf5 (CVE-2015-8340): xen-kernel -- XENMEM_exchange error handling issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Jan 6, 2016 | Dec 10, 2025 | Jan 27, 2026 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published
Jan 6, 2016
Added
Dec 10, 2025
Modified
Jan 27, 2026
Description
The Xen Project reports: Error handling in the operation may involve handing back pages to the domain. This operation may fail when in parallel the domain gets torn down. So far this failure unconditionally resulted in the host being brought down due to an internal error being assumed. This is CVE-2015-8339. Furthermore error handling so far wrongly included the release of a lock. That lock, however, was either not acquired or already released on all paths leading to the error handling sequence. This is CVE-2015-8340. A malicious guest administrator may be able to deny service by crashing the host or causing a deadlock.
Solution
freebsd-upgrade-package-xen-kernel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.