CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	4.1.0 (including)	4.1.0 (including)
Xen	Xen	4.1.1 (including)	4.1.1 (including)
Xen	Xen	4.1.2 (including)	4.1.2 (including)
Xen	Xen	4.1.3 (including)	4.1.3 (including)
Xen	Xen	4.1.4 (including)	4.1.4 (including)
Xen	Xen	4.1.5 (including)	4.1.5 (including)
Xen	Xen	4.1.6.1 (including)	4.1.6.1 (including)
Xen	Xen	4.2.0 (including)	4.2.0 (including)
Xen	Xen	4.2.1 (including)	4.2.1 (including)
Xen	Xen	4.2.2 (including)	4.2.2 (including)
Xen	Xen	4.2.3 (including)	4.2.3 (including)
Xen	Xen	4.2.4 (including)	4.2.4 (including)
Xen	Xen	4.2.5 (including)	4.2.5 (including)
Xen	Xen	4.3.0 (including)	4.3.0 (including)
Xen	Xen	4.3.1 (including)	4.3.1 (including)
Xen	Xen	4.3.2 (including)	4.3.2 (including)
Xen	Xen	4.3.3 (including)	4.3.3 (including)
Xen	Xen	4.3.4 (including)	4.3.4 (including)
Xen	Xen	4.4.0 (including)	4.4.0 (including)
Xen	Xen	4.4.0-rc1 (including)	4.4.0-rc1 (including)
Xen	Xen	4.4.1 (including)	4.4.1 (including)
Xen	Xen	4.5.0 (including)	4.5.0 (including)
Xen	Xen	4.5.1 (including)	4.5.1 (including)
Xen	Ubuntu	devel	*
Xen	Ubuntu	trusty	*
Xen	Ubuntu	upstream	*
Xen	Ubuntu	vivid	*
Xen	Ubuntu	wily	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7311
CWE	https://cwe.mitre.org/data/definitions/17.html

Affected Software

References