OSSA-2014-009: Nova host data leak to vm instance in rescue mode¶

Date:: March 27, 2014
CVE:: CVE-2014-0134

Affects¶

Nova: 2013.2 versions up to 2013.2.2

Description¶

Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the Nova instance rescue mode. By overwriting the disk inside an instance with a malicious image and switching the instance to rescue mode, an authenticated user would be able to leak an arbitrary file from the compute host to the virtual instance. Note that the host file must be readable by the libvirt/kvm context to be exposed. Only setups using libvirt to spawn instance, and having “use_cow_images = False” in Nova configuration are affected.

Patches¶

https://review.openstack.org/#/c/82840 (Havana)
https://review.openstack.org/#/c/82841 (Icehouse)

Credits¶

Stanislaw Pitucha from HP (CVE-2014-0134)

References¶

https://launchpad.net/bugs/1221190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134

OSSA-2014-009: Nova host data leak to vm instance in rescue mode