Lucene search

K

GitHub Advisory DatabaseGHSA-99RX-9X8V-9J8P

HistoryMay 17, 2022 - 1:29 a.m.

OpenStack Nova Live migration can leak root disk into ephemeral storage

2022-05-1701:29:42

CWE-200

GitHub Advisory Database

github.com

2

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

CPENameOperatorVersion
novalt12.0.0a0

References

lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

osvdb.org/102416

rhn.redhat.com/errata/RHSA-2014-0231.html

secunia.com/advisories/56450

www.openwall.com/lists/oss-security/2014/01/23/5

www.securityfocus.com/bid/65106

www.ubuntu.com/usn/USN-2247-1

bugs.launchpad.net/nova/+bug/1251590

exchange.xforce.ibmcloud.com/vulnerabilities/90652

github.com/advisories/GHSA-99rx-9x8v-9j8p

github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9

github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1

github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3

nvd.nist.gov/vuln/detail/CVE-2013-7130

review.openstack.org/#/c/68658

review.openstack.org/#/c/68659

review.openstack.org/#/c/68660

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

Related for GHSA-99RX-9X8V-9J8P

prion1 cvelist1 nessus3 ubuntucve1 debiancve1 cve1 fedora5 redhat2 openvas7 veracode3 ubuntu1 securityvulns2