CVE-2012-5625

Currently unrated

Key Information:

Vendor: Openstack
Status: Grizzly; Folsom
Vendor: CVE Published:; 26 December 2012

Summary

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

References

http://rhn.redhat.com/errata/RHSA-2013-0208.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/nova/+bug/1070539

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1663-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Dec 26, 2012
Vulnerability Reserved
Oct 24, 2012