CVE-2015-7311
Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 01 Oct 2015, 20:00
Last modified:06 Aug 2024, 07:43
Vulnerability Summary
Overall Risk (default)
low
14/100 CVSS Score
3.6 LOW
v2.0 (nvd)
EPSS Score
0.07% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 Oct 2015, 20:00
Published
Vulnerability first disclosed
06 Aug 2024, 07:43
Last Modified
Vulnerability information updated
Description
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
CVSS Metrics
- v2.0•LOW•Score: 3.6AV:L/AC:L/Au:N/C:N/I:P/A:P
EPSS Trends
Current EPSS score: 0.07%• Percentile: 21%
Techniques & Countermeasures
- CWE-17•DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Affected Systems
- xen•xen
4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.2.4 | 4.2.5 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.4.0 | 4.4.0:rc1 | 4.4.1 | 4.5.0 | 4.5.1
References (10)
- http://xenbits.xen.org/xsa/advisory-142.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257893
- http://www.debian.org/security/2015/dsa-3414
- http://www.securitytracker.com/id/1033633
- http://www.securityfocus.com/bid/76823
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- https://security.gentoo.org/glsa/201604-03
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html