CVE-2013-7130
Published: 6 February 2014
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-003 |
jdstrand | saucy needs no change rebuild for saucy-security Folsom and Essex are affected, but need further backporting |
Priority
Status
Package | Release | Status |
---|---|---|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
|
|
quantal |
Ignored
(end of life, was pending)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(1:2013.2.3-0ubuntu1.2)
|
|
trusty |
Does not exist
(trusty was not-affected [1:2014.1~b3-0ubuntu2])
|
|
upstream |
Released
(2013.2.2)
|
|
Patches: upstream: https://review.openstack.org/#/c/68658/ upstream: https://review.openstack.org/#/c/68659 upstream: https://review.openstack.org/#/c/68660/ upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=b0d36683fe064b32cbef013e1c0c46bd018ab9a1 upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=cbeb5e51886b0296349fc476305bfe3d63c627c3 upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=15ee7e17f63f5583307a546ecf28952c364c88f9 |