OSSA-2012-020: Information leak in libvirt LVM-backed instances

Date:December 11, 2012
CVE:CVE-2012-5625

Affects

  • Nova: Folsom, Grizzly

Description

Eric Windisch from Cloudscaling reported a vulnerability in libvirt LVM-backed instances. The physical volume content was not wiped out before being deallocated and passed to an instance, which may result in the disclosure of information from previously-allocated logical volumes.Only setups using libvirt and LVM-backed instances (libvirt_images_type=lvm) are affected.

Credits

  • Eric Windisch from Cloudscaling (CVE-2012-5625)