The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
osvdb.org/102416
rhn.redhat.com/errata/RHSA-2014-0231.html
secunia.com/advisories/56450
www.openwall.com/lists/oss-security/2014/01/23/5
www.securityfocus.com/bid/65106
www.ubuntu.com/usn/USN-2247-1
bugs.launchpad.net/nova/+bug/1251590
exchange.xforce.ibmcloud.com/vulnerabilities/90652
github.com/advisories/GHSA-99rx-9x8v-9j8p
github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
nvd.nist.gov/vuln/detail/CVE-2013-7130
review.openstack.org/#/c/68658
review.openstack.org/#/c/68659
review.openstack.org/#/c/68660