PT-2016-1796 · Libvirt+2
Han Han · Published 2015-10-23 · Updated 2024-06-15 · CVE-2015-5247
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libvirt versions 1.2.14 through 1.2.19
Description
The issue is related to insufficient access control in the virStorageVolCreateXML API of libvirt, a library for managing virtualization. A remote attacker can exploit it to cause a denial of service (a libvirtd crash) by triggering a failed unlink after creating a volume on a root squash NFS pool.
Recommendations
For libvirt versions 1.2.14 through 1.2.19, consider restricting access to the virStorageVolCreateXML API to prevent remote authenticated users from exploiting the issue. As a temporary workaround, avoid using the virStorageVolCreateXML API to create volumes on root squash NFS pools until a patch is available.
Fix
DoS
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ubuntu
Libvirt