Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XENDOMCTLmaxvcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROFgetbuffer or (3) XENOPROFset_passive hypercall.