CVE-2015-7311

Published: 01 October 2015

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

Priority

Medium

Status

Package: xen (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needed
Ubuntu 16.04 LTS (Xenial Xerus): Released (4.5.1-0ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [4.4.2-0ubuntu0.14.04.3])

Patches:
Upstream: http://xenbits.xen.org/xsa/xsa142-4.5.patch
Upstream: http://xenbits.xen.org/xsa/xsa142-4.6.patch
Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author: seth-arnold
Note: The patch may break deployed environments but those environments are currently not safe.

References