Data Exposure in OpenStack Compute's KVM Live Migration

CVE-2013-7130

Summary

The i_create_images_and_backing method in the libvirt driver of OpenStack Compute (Nova) versions Grizzly, Havana, and Icehouse has a flaw that affects KVM live block migration. This issue occurs because the method does not generate all expected files during the migration process, which can result in unauthorized access to snapshot root disk contents stored in ephemeral storage. Attackers could exploit this vulnerability to potentially access sensitive data belonging to other users, posing significant security risks.

References