CVE-2013-7130

Published: Feb 6, 2014Modified: Apr 29, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Affected (8)

Products: Openstack: Compute, Grizzly, Havana, Icehouse

4 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Openstack Compute	Version 2012.2
Openstack Compute	Version 2013.1.1
Openstack Compute	Version 2013.1.2
Openstack Compute	Version 2013.1.3
Openstack Compute	Version 2013.1
Openstack Grizzly	All versions
Openstack Havana	All versions
Openstack Icehouse	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

Source: cve@mitre.org

http://osvdb.org/102416

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0231.html

Source: cve@mitre.org

http://secunia.com/advisories/56450

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/01/23/5

Source: cve@mitre.org

http://www.securityfocus.com/bid/65106

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2247-1

Source: cve@mitre.org

https://bugs.launchpad.net/nova/+bug/1251590

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/90652

Source: cve@mitre.org

https://review.openstack.org/#/c/68658/

Source: cve@mitre.org

Patch

https://review.openstack.org/#/c/68659/

Source: cve@mitre.org

https://review.openstack.org/#/c/68660/

Source: cve@mitre.org

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/102416

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0231.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/56450

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/01/23/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65106

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2247-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/nova/+bug/1251590

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/90652

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.openstack.org/#/c/68658/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://review.openstack.org/#/c/68659/

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.openstack.org/#/c/68660/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.