Published: 14/04/2016 Updated: 18/04/2016

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The virStorageVolCreateXML API in libvirt 1.2.14 up to and including 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt 1.2.18
redhat libvirt 1.2.19
redhat libvirt 1.2.15
redhat libvirt 1.2.17
redhat libvirt 1.2.14
redhat libvirt 1.2.16
canonical ubuntu linux 15.10
canonical ubuntu linux 15.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04

Debian Bug report logs - #799132 libvirt: CVE-2015-5247: denial of service when volume creation fails on NFS pool Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 16 Sep 201 ...

Several security issues were fixed in libvirt ...

CWE-284 http://www.ubuntu.com/usn/USN-2867-1 http://security.libvirt.org/2015/0003.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132 https://usn.ubuntu.com/2867-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5247

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect