3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
28.6%
The Xen Project reports:
Callers of libxl can specify that a disk should be read-only to the
guest. However, there is no code in libxl to pass this information
to qemu-xen (the upstream-based qemu); and indeed there is no way in
qemu to make a disk read-only.
The vulnerability is exploitable only via devices emulated by the
device model, not the parallel PV devices for supporting PVHVM.
Normally the PVHVM device unplug protocol renders the emulated
devices inaccessible early in boot.
Malicious guest administrators or (in some situations) users may be
able to write to supposedly read-only disk images.
CDROM devices (that is, devices specified to be presented to the
guest as CDROMs, regardless of the nature of the backing storage on
the host) are not affected.