CVE-2015-5247

MEDIUM

libvirt 1.2.14-1.2.19 - Authenticated Denial of Service via virStorageVolCreateXML API

Title source: llm
STIX 2.1

Description

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://security.libvirt.org/2015/0003.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2867-1

Scores

CVSS v3 6.5
EPSS 0.0137
EPSS Percentile 68.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-284
Status published
Products (10)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
redhat/libvirt 1.2.14
redhat/libvirt 1.2.15
redhat/libvirt 1.2.16
redhat/libvirt 1.2.17
redhat/libvirt 1.2.18
redhat/libvirt 1.2.19
Published Apr 14, 2016
Tracked Since Feb 18, 2026