Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 499056 (CVE-2013-7130) - <sys-cluster/nova-{2013.1.4-r4,2013.2.1-r2} : Live migration can leak root disk into ephemeral storage[OSSA 2014-003] (CVE-2013-7130)
Summary: <sys-cluster/nova-{2013.1.4-r4,2013.2.1-r2} : Live migration can leak root di...
Alias: CVE-2013-7130
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Reported: 2014-01-23 16:56 UTC by Agostino Sarubbo
Modified: 2014-04-10 21:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-01-23 16:56:59 UTC
From ${URL} :

OpenStack Security Advisory: 2014-003
CVE: CVE-2013-7130
Date: January 23, 2014

Title: Live migration can leak root disk into ephemeral storage
Reporter: Loganathan Parthipan (HP)
Products: Nova
Affects: All supported versions

Loganathan Parthipan from Hewlett Packard reported a vulnerability in
the Nova libvirt driver. By spawning a server with the same flavor as
another user's migrated virtual machine, an authenticated user can
potentially access that user's snapshot content resulting in information
leakage. Only setups using KVM live block migration are affected.

Icehouse (development branch) fix:

Havana (development branch) fix:

Grizzly fix:


@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-04-10 21:45:51 UTC
CVE-2013-7130 (
  The i_create_images_and_backing (aka create_images_and_backing) method in
  libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse,
  when using KVM live block migration, does not properly create all expected
  files, which allows attackers to obtain snapshot root disk contents of other
  users via ephemeral storage.