vulnerability
Red Hat: CVE-2015-5313: Moderate: libvirt security, bug fix, and enhancement update (RHSA-2016:2577)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:N/I:P/A:N) | Apr 11, 2016 | Nov 4, 2016 | Jul 9, 2025 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 11, 2016
Added
Nov 4, 2016
Modified
Jul 9, 2025
Description
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-libvirtredhat-upgrade-libvirt-clientredhat-upgrade-libvirt-daemonredhat-upgrade-libvirt-daemon-config-networkredhat-upgrade-libvirt-daemon-config-nwfilterredhat-upgrade-libvirt-daemon-driver-interfaceredhat-upgrade-libvirt-daemon-driver-lxcredhat-upgrade-libvirt-daemon-driver-networkredhat-upgrade-libvirt-daemon-driver-nodedevredhat-upgrade-libvirt-daemon-driver-nwfilterredhat-upgrade-libvirt-daemon-driver-qemuredhat-upgrade-libvirt-daemon-driver-secretredhat-upgrade-libvirt-daemon-driver-storageredhat-upgrade-libvirt-daemon-kvmredhat-upgrade-libvirt-daemon-lxcredhat-upgrade-libvirt-debuginforedhat-upgrade-libvirt-develredhat-upgrade-libvirt-docsredhat-upgrade-libvirt-lock-sanlockredhat-upgrade-libvirt-login-shellredhat-upgrade-libvirt-nss
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.