CVE-2015-7311

LOW

Description

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html

http://www.debian.org/security/2015/dsa-3414

http://www.securityfocus.com/bid/76823

http://www.securitytracker.com/id/1033633

http://xenbits.xen.org/xsa/advisory-142.html

https://bugzilla.redhat.com/show_bug.cgi?id=1257893

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2015-10-01

Updated: 2018-10-30

Type: CWE-17

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | critical |
| 88124 | openSUSE Security Update : xen (openSUSE-2016-34) | Nessus | SuSE Local Security Checks | high |
| 87650 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1) | Nessus | SuSE Local Security Checks | high |
| 87591 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2328-1) | Nessus | SuSE Local Security Checks | high |
| 87590 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1) | Nessus | SuSE Local Security Checks | high |
| 87588 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1) | Nessus | SuSE Local Security Checks | high |
| 87443 | openSUSE Security Update : xen (openSUSE-2015-893) | Nessus | SuSE Local Security Checks | high |
| 87393 | openSUSE Security Update : xen (openSUSE-2015-892) | Nessus | SuSE Local Security Checks | medium |
| 87288 | Debian DSA-3414-1 : xen - security update | Nessus | Debian Local Security Checks | medium |
| 86909 | openSUSE Security Update : xen (openSUSE-2015-750) | Nessus | SuSE Local Security Checks | medium |
| 86863 | openSUSE Security Update : xen (openSUSE-2015-729) | Nessus | SuSE Local Security Checks | medium |
| 86835 | FreeBSD : xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen (301b04d7-881c-11e5-ab94-002590263bf5) | Nessus | FreeBSD Local Security Checks | low |
| 86756 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1908-1) | Nessus | SuSE Local Security Checks | medium |
| 86753 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1894-1) | Nessus | SuSE Local Security Checks | medium |
| 86704 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1853-1) | Nessus | SuSE Local Security Checks | medium |
| 86163 | Fedora 21 : xen-4.4.3-3.fc21 (2015-15946) | Nessus | Fedora Local Security Checks | high |
| 86162 | Fedora 22 : xen-4.5.1-8.fc22 (2015-15944) | Nessus | Fedora Local Security Checks | high |
| 86055 | Fedora 23 : xen-4.5.1-8.fc23 (2015-15943) | Nessus | Fedora Local Security Checks | low |