CVE-2012-5625

OpenStack Compute (Nova) Folsom <2012.2.2 - Info Disclosure

Title source: llm

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

References (10)

Core 10

Core References

Various Sources x_refsource_confirm

https://launchpad.net/nova/folsom/2012.2.2

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0208.html

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/nova/+bug/1070539

Patch vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1663-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56904

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/88419

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/12/11/5

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=884293

Patch x_refsource_confirm

https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

View Patch ZIP pw:eip

Patch x_refsource_confirm

https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

View Patch ZIP pw:eip

Scores

EPSS 0.0106

EPSS Percentile 77.9%

Details

CWE

CWE-200

Status published

Products (3)

openstack/folsom 2012.2

openstack/grizzly

pypi/nova 0 - 12.0.0a0PyPI

Published Dec 26, 2012

Tracked Since Feb 18, 2026