Information Disclosure in OpenStack Compute (Nova) by Red Hat and Ubuntu
CVE-2012-5625
Currently unrated
Summary
In OpenStack Compute (Nova) versions prior to 2012.2.2 and in the Grizzly release, a vulnerability exists when using libvirt with LVM-backed instances. The issue arises from the failure to adequately clear the content of physical volumes (PV) when reallocating them for new instances. This oversight enables attackers to access sensitive information by reading the memory of previously allocated logical volumes (LV). The potential for exploitation highlights the importance of ensuring that memory management practices are strictly adhered to in virtualized environments.
References
Timeline
Vulnerability published
Vulnerability Reserved