CVE-2013-7130

HIGH7.5EPSS 3.1%

OpenStack Nova Live migration can leak root disk into ephemeral storage

發布日:2022/5/17修改日:2026/4/28

描述

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

受影響套件(3)

Debian/novafrom 0, < 2013.2.2
PyPI/novafrom 0, < 12.0.0a0
PyPI/novafrom 0, < 12.0.0a0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(23)

ADVISORYhttp://secunia.com/advisories/56450
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7130
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7130
PATCHhttps://github.com/openstack/nova
PATCHhttps://review.openstack.org/#/c/68658/
PATCHhttps://review.openstack.org/#/c/68660/
WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
WEBhttp://osvdb.org/102416
WEBhttp://rhn.redhat.com/errata/RHSA-2014-0231.html
WEBhttps://bugs.launchpad.net/nova/+bug/1251590
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90652
WEBhttps://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
WEBhttps://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
WEBhttps://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
WEBhttps://review.openstack.org/#/c/68658
WEBhttps://review.openstack.org/#/c/68659
WEBhttps://review.openstack.org/#/c/68659/
WEBhttps://review.openstack.org/#/c/68660
WEBhttp://www.openwall.com/lists/oss-security/2014/01/23/5
WEBhttp://www.securityfocus.com/bid/65106
WEBhttp://www.ubuntu.com/usn/USN-2247-1