CVE-2013-7130: OpenStack Nova Live migration can leak root disk into ephemeral storage

May 17, 2022 (updated November 26, 2024)

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

References

bugs.launchpad.net/nova/+bug/1251590
exchange.xforce.ibmcloud.com/vulnerabilities/90652
github.com/advisories/GHSA-99rx-9x8v-9j8p
github.com/openstack/nova
github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
nvd.nist.gov/vuln/detail/CVE-2013-7130
review.openstack.org/
review.openstack.org/
review.openstack.org/

Code Behaviors & Features

Detect and mitigate CVE-2013-7130 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →