CVE-2015-5247
Ubuntu Security Notice USN-2867-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
La API virStorageVolCreateXML en libvirt 1.2.14 hasta la versión 1.2.19 permite a usuarios remotos autenticados con una conexión de lectura-escritura causar una denegación de servicio (caída de libvirtd) desencadenando una desvinculación fallida después de crear un volumen en un pool NFS root_squash.
It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-01 CVE Reserved
- 2016-01-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.libvirt.org/2015/0003.html | 2016-04-18 | |
| http://www.ubuntu.com/usn/USN-2867-1 | 2016-04-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.14 Search vendor "Redhat" for product "Libvirt" and version "1.2.14" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.15 Search vendor "Redhat" for product "Libvirt" and version "1.2.15" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.16 Search vendor "Redhat" for product "Libvirt" and version "1.2.16" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.17 Search vendor "Redhat" for product "Libvirt" and version "1.2.17" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.18 Search vendor "Redhat" for product "Libvirt" and version "1.2.18" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.2.19 Search vendor "Redhat" for product "Libvirt" and version "1.2.19" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||