CVE-2013-7130

critical

Description

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

References

https://review.openstack.org/#/c/68660/

https://review.openstack.org/#/c/68659/

https://review.openstack.org/#/c/68658/

https://exchange.xforce.ibmcloud.com/vulnerabilities/90652

https://bugs.launchpad.net/nova/+bug/1251590

http://www.ubuntu.com/usn/USN-2247-1

http://www.securityfocus.com/bid/65106

http://www.openwall.com/lists/oss-security/2014/01/23/5

http://secunia.com/advisories/56450

http://rhn.redhat.com/errata/RHSA-2014-0231.html

http://osvdb.org/102416

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

Details

Source: Mitre, NVD

Published: 2014-02-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical