CVE-2015-7548

low

Published 2016-01-12 · Modified 2026-05-06

CVSS v3

3.5

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CVSS v2

2.1

VIR risk

3.5

Description

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

Predictions

Exploit likelihood

45%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-7548

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://security.openstack.org/ossa/OSSA-2016-001.html

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2015-7548.html

OS impact

OS	Version	Status	Fixed in
sles		affected
debian	bookworm	fixed	`2:13.0.0~rc3-1`
debian	bullseye	fixed	`2:13.0.0~rc3-1`
debian	forky	fixed	`2:13.0.0~rc3-1`
debian	sid	fixed	`2:13.0.0~rc3-1`
debian	trixie	fixed	`2:13.0.0~rc3-1`

Application impact

Vendor	Product	Versions	Fixed
openstack	nova	`{"startIncluding":"12.0.0","endExcluding":"12.0.1"}`	`12.0.1`

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.