CVE-2012-5625

high

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

References

https://launchpad.net/nova/folsom/2012.2.2

https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

https://bugzilla.redhat.com/show_bug.cgi?id=884293

https://bugs.launchpad.net/nova/+bug/1070539

http://www.ubuntu.com/usn/USN-1663-1

http://www.securityfocus.com/bid/56904

http://www.openwall.com/lists/oss-security/2012/12/11/5

http://rhn.redhat.com/errata/RHSA-2013-0208.html

http://osvdb.org/88419

Details

Source: Mitre, NVD

Published: 2012-12-26

Updated: 2013-02-15

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High