CVE-2015-7311 — XEN vulnerability

CWE-176 documents6 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 79.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 1

Latest updateMay 14

Description

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen22 versions+21

🔴Vulnerability Details

GHSA

GHSA-wx4v-7h7w-4x2j: libxl in Xen 4↗2022-05-14

▶

OSV

CVE-2015-7311: libxl in Xen 4↗2015-10-01

▶

📋Vendor Advisories

Red Hat

xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)↗2015-09-22

▶

Debian

CVE-2015-7311: xen - libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on d...↗2015

▶

💬Community

Bugzilla

CVE-2015-7311 xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)↗2015-09-22

▶