OSSA-2014-003: Live migration can leak root disk into ephemeral storage

OSSA-2014-003: Live migration can leak root disk into ephemeral storage¶

Date:: January 23, 2014
CVE:: CVE-2013-7130

Affects¶

Nova: All supported versions

Description¶

Loganathan Parthipan from Hewlett Packard reported a vulnerability in the Nova libvirt driver. By spawning a server with the same flavor as another user’s migrated virtual machine, an authenticated user can potentially access that user’s snapshot content resulting in information leakage. Only setups using KVM live block migration are affected.

Patches¶

https://review.openstack.org/#/c/68660 (Grizzly)
https://review.openstack.org/#/c/68659 (Havana)
https://review.openstack.org/#/c/68658 (Icehouse)

Credits¶

Loganathan Parthipan from HP (CVE-2013-7130)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.