Information Disclosure in OpenStack Compute (Nova) by Red Hat and Ubuntu
CVE-2012-5625

Currently unrated

Key Information:

Vendor
OpenStack
CVE Published:
26 December 2012

Summary

In OpenStack Compute (Nova) versions prior to 2012.2.2 and in the Grizzly release, a vulnerability exists when using libvirt with LVM-backed instances. The issue arises from the failure to adequately clear the content of physical volumes (PV) when reallocating them for new instances. This oversight enables attackers to access sensitive information by reading the memory of previously allocated logical volumes (LV). The potential for exploitation highlights the importance of ensuring that memory management practices are strictly adhered to in virtualized environments.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
