Vulnerability Description
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Folsom | 2012.2 |
| Openstack | Grizzly | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/88419
- http://rhn.redhat.com/errata/RHSA-2013-0208.html
- http://www.openwall.com/lists/oss-security/2012/12/11/5
- http://www.securityfocus.com/bid/56904
- http://www.ubuntu.com/usn/USN-1663-1Patch
- https://bugs.launchpad.net/nova/+bug/1070539
- https://bugzilla.redhat.com/show_bug.cgi?id=884293
- https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5Patch
- https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd35Patch
- https://launchpad.net/nova/folsom/2012.2.2
- http://osvdb.org/88419
- http://rhn.redhat.com/errata/RHSA-2013-0208.html
- http://www.openwall.com/lists/oss-security/2012/12/11/5
- http://www.securityfocus.com/bid/56904
- http://www.ubuntu.com/usn/USN-1663-1Patch
FAQ
What is CVE-2012-5625?
CVE-2012-5625 is a vulnerability with a CVSS score of 4.3 (MEDIUM). OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which al...
How severe is CVE-2012-5625?
CVE-2012-5625 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5625?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Folsom, Openstack Grizzly.