OSSA-2014-003: Live migration can leak root disk into ephemeral storage

OSSA-2014-003: Live migration can leak root disk into ephemeral storage

Date:January 23, 2014
CVE:CVE-2013-7130

Affects

  • Nova: All supported versions

Description

Loganathan Parthipan from Hewlett Packard reported a vulnerability in the Nova libvirt driver. By spawning a server with the same flavor as another user’s migrated virtual machine, an authenticated user can potentially access that user’s snapshot content resulting in information leakage. Only setups using KVM live block migration are affected.

Credits

  • Loganathan Parthipan from HP (CVE-2013-7130)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.