CVE-2012-5625

OpenStack Compute (Nova) Folsom <2012.2.2 - Info Disclosure

Title source: llm

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

References (10)

[Various Sources] https://launchpad.net/nova/folsom/2012.2.2

[Third Party Advisory, VDB Entry] http://osvdb.org/88419

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0208.html

[Patch] http://www.ubuntu.com/usn/USN-1663-1

[Issue Tracking] https://bugs.launchpad.net/nova/+bug/1070539

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=884293

[Patch] https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

[Patch] https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

View Patch ZIP pw:eip

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56904

[Mailing List] http://www.openwall.com/lists/oss-security/2012/12/11/5

Scores

EPSS 0.0106

EPSS Percentile 77.4%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

openstack/folsom

openstack/grizzly

pypi/nova < 12.0.0a0PyPI

Timeline

Published Dec 26, 2012

Tracked Since Feb 18, 2026