Information Disclosure in OpenStack Compute (Nova) by Red Hat and Ubuntu
CVE-2012-5625

Currently unrated

Key Information:

Vendor

Openstack
Status
Grizzly
Folsom
Vendor
CVE Published:
26 December 2012

What is CVE-2012-5625?

In OpenStack Compute (Nova) versions prior to 2012.2.2 and in the Grizzly release, a vulnerability exists when using libvirt with LVM-backed instances. The issue arises from the failure to adequately clear the content of physical volumes (PV) when reallocating them for new instances. This oversight enables attackers to access sensitive information by reading the memory of previously allocated logical volumes (LV). The potential for exploitation highlights the importance of ensuring that memory management practices are strictly adhered to in virtualized environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2013-0208.html
vendor-advisoryx_refsource_REDHAT
https://bugs.launchpad.net/nova/+bug/1070539
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1663-1
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.