CVE-2015-5247

moderate-risk

Published 2016-04-14

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (10)

Libvirt

Ubuntu Linux

Libvirt

Affected Vendors

Canonical Redhat

References (4)

Vendor Advisory http://security.libvirt.org/2015/0003.html

http://www.ubuntu.com/usn/USN-2867-1

Vendor Advisory http://security.libvirt.org/2015/0003.html

http://www.ubuntu.com/usn/USN-2867-1

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate