Description
The i_create_images_and_backing (aka create_images_and_backing) method in the libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
References (13)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0231.html
Various Sources x_refsource_confirm
https://review.openstack.org/#/c/68659/
Patch x_refsource_confirm
https://review.openstack.org/#/c/68658/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65106
Patch x_refsource_confirm
https://review.openstack.org/#/c/68660/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/nova/+bug/1251590
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56450
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102416
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2247-1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/23/5
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
Scores
EPSS
0.0313
EPSS Percentile
87.0%
Details
CWE
CWE-200
Status
published
Products (9)
openstack/compute
2012.2
openstack/compute
2013.1
openstack/compute
2013.1.1
openstack/compute
2013.1.2
openstack/compute
2013.1.3
openstack/grizzly
openstack/havana
openstack/icehouse
pypi/nova
0 - 12.0.0a0 (PyPI)
Published
Feb 06, 2014
Tracked Since
Feb 18, 2026