OSSA-2012-020: Information leak in libvirt LVM-backed instances

OSSA-2012-020: Information leak in libvirt LVM-backed instances¶

Date:: December 11, 2012
CVE:: CVE-2012-5625

Affects¶

Nova: Folsom, Grizzly

Description¶

Eric Windisch from Cloudscaling reported a vulnerability in libvirt LVM-backed instances. The physical volume content was not wiped out before being deallocated and passed to an instance, which may result in the disclosure of information from previously-allocated logical volumes.Only setups using libvirt and LVM-backed instances (libvirt_images_type=lvm) are affected.

Patches¶

https://review.openstack.org/#/c/17857 (Folsom)
https://review.openstack.org/#/c/17856 (Grizzly)

Credits¶

Eric Windisch from Cloudscaling (CVE-2012-5625)

References¶

https://launchpad.net/bugs/1070539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5625

this page last updated: 2024-10-03 16:29:15

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.