CVE-2012-5625

EPSS 1.1%

OpenStack Nova Information leak in libvirt LVM-backed instances

Published: 5/17/2022Modified: 5/21/2026

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Affected packages (3)

PyPI/novafrom 0, < 12.0.0a0
PyPI/novafrom 0, < a99a802e008eed18e39fc1d98170edc495cbd354, < 9d2ea970422591f8cdc394001be9a2deca499a5f | from 0
PyPI/nova

References (14)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-5625
PATCHhttps://github.com/openstack/nova
WEBhttp://osvdb.org/88419
WEBhttp://rhn.redhat.com/errata/RHSA-2013-0208.html
WEBhttps://bugs.launchpad.net/nova/+bug/1070539
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=884293
WEBhttps://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
WEBhttps://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml
WEBhttps://launchpad.net/nova/folsom/2012.2.2
WEBhttp://www.openwall.com/lists/oss-security/2012/12/11/5
WEBhttp://www.securityfocus.com/bid/56904
WEBhttp://www.ubuntu.com/usn/USN-1663-1