PT-2014-3265 · Red Hat+2 · Libvirt+3

Loganathan Parthipan

Published

2014-02-06

Updated

2022-05-17

CVE-2013-7130

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions Grizzly through Icehouse

Description The issue arises from the i create images and backing method in the libvirt driver, specifically when utilizing KVM live block migration. This method fails to create all expected files, allowing attackers to access the snapshot root disk contents of other users via ephemeral storage.

Recommendations For OpenStack Compute (Nova) versions Grizzly through Icehouse, consider restricting access to the ephemeral storage to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, review and adjust the configuration of the libvirt driver to ensure proper file creation during KVM live block migration.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-7130

GHSA-99RX-9X8V-9J8P

PYSEC-2014-111

RHSA-2014:0231

RHSA-2014:0366

USN-2247-1

Affected Products

Kvm

Openstack Compute

Ubuntu

Libvirt

PT-2014-3265 · Red Hat+2 · Libvirt+3

CVE-2013-7130

Weakness Enumeration

Related Identifiers

Affected Products

References · 36