CVE-2015-7311
Severity CVSS v4.0:
Pending analysis
Type:
CWE-17
Code Errors
Publication date:
01/10/2015
Last modified:
12/04/2025
Description
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
Impact
Base Score 2.0
3.60
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.2.1:-:*:*:*:*:x86:* | ||
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:x86:* | ||
cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:x86:* | ||
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://www.debian.org/security/2015/dsa-3414
- http://www.securityfocus.com/bid/76823
- http://www.securitytracker.com/id/1033633
- http://xenbits.xen.org/xsa/advisory-142.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257893
- https://security.gentoo.org/glsa/201604-03
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- http://www.debian.org/security/2015/dsa-3414
- http://www.securityfocus.com/bid/76823
- http://www.securitytracker.com/id/1033633
- http://xenbits.xen.org/xsa/advisory-142.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257893
- https://security.gentoo.org/glsa/201604-03