CVE-2015-5247
MEDIUMlibvirt 1.2.14-1.2.19 - Authenticated Denial of Service via virStorageVolCreateXML API
Title source: llmDescription
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://security.libvirt.org/2015/0003.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2867-1
Scores
CVSS v3
6.5
EPSS
0.0137
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-284
Status
published
Products (10)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
canonical/ubuntu_linux
15.10
redhat/libvirt
1.2.14
redhat/libvirt
1.2.15
redhat/libvirt
1.2.16
redhat/libvirt
1.2.17
redhat/libvirt
1.2.18
redhat/libvirt
1.2.19
Published
Apr 14, 2016
Tracked Since
Feb 18, 2026