OSSA-2014-009: Nova host data leak to vm instance in rescue mode¶
March 27, 2014
Nova: 2013.2 versions up to 2013.2.2
Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the Nova instance rescue mode. By overwriting the disk inside an instance with a malicious image and switching the instance to rescue mode, an authenticated user would be able to leak an arbitrary file from the compute host to the virtual instance. Note that the host file must be readable by the libvirt/kvm context to be exposed. Only setups using libvirt to spawn instance, and having “use_cow_images = False” in Nova configuration are affected.
Stanislaw Pitucha from HP (CVE-2014-0134)