Your submission was sent successfully! Close

CVE-2012-5625

Published: 11 December 2012

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Notes

AuthorNote
jdstrand
only affects Folsom and higher per upstream
Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Not vulnerable

precise Not vulnerable

quantal
Released (2012.2-0ubuntu5.2)
upstream
Released (2013.1~g2)
Patches:
upstream: http://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354