The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html - | |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html - | |
| References | () http://osvdb.org/102416 - | |
| References | () http://rhn.redhat.com/errata/RHSA-2014-0231.html - | |
| References | () http://secunia.com/advisories/56450 - Vendor Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2014/01/23/5 - | |
| References | () http://www.securityfocus.com/bid/65106 - | |
| References | () http://www.ubuntu.com/usn/USN-2247-1 - | |
| References | () https://bugs.launchpad.net/nova/+bug/1251590 - | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/90652 - | |
| References | () https://review.openstack.org/#/c/68658/ - Patch | |
| References | () https://review.openstack.org/#/c/68659/ - | |
| References | () https://review.openstack.org/#/c/68660/ - Patch |
Information
Published : 2014-02-06 17:00
Updated : 2025-04-11 00:51
NVD link : CVE-2013-7130
Mitre link : CVE-2013-7130
CVE.ORG link : CVE-2013-7130
JSON object : View
Products Affected
openstack
- icehouse
- havana
- grizzly
- compute
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor