Data Exposure in OpenStack Compute's KVM Live Migration
CVE-2013-7130
Currently unrated
Key Information:
Summary
The i_create_images_and_backing method in the libvirt driver of OpenStack Compute (Nova) versions Grizzly, Havana, and Icehouse has a flaw that affects KVM live block migration. This issue occurs because the method does not generate all expected files during the migration process, which can result in unauthorized access to snapshot root disk contents stored in ephemeral storage. Attackers could exploit this vulnerability to potentially access sensitive data belonging to other users, posing significant security risks.
References
Timeline
Vulnerability published
Vulnerability Reserved