Vulnerability Details : CVE-2012-5625
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2012-5625
Probability of exploitation activity in the next 30 days: 0.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~72%
CVSS scores for CVE-2012-5625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-5625
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5625
- http://www.openwall.com/lists/oss-security/2012/12/11/5
  oss-security - [OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625)
- https://launchpad.net/nova/folsom/2012.2.2
  2012.2.2 : Series folsom : OpenStack Compute (nova)
- https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
  Don't leak info from libvirt LVM backed instances · openstack/nova@a99a802 · GitHub (Patch)
- https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
  Don't leak info from libvirt LVM backed instances · openstack/nova@9d2ea97 · GitHub (Patch)
- http://www.ubuntu.com/usn/USN-1663-1
  USN-1663-1: Nova vulnerability | Ubuntu security notices (Patch)
- http://rhn.redhat.com/errata/RHSA-2013-0208.html
  RHSA-2013:0208 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=884293
  884293 – (CVE-2012-5625) CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances
- http://www.securityfocus.com/bid/56904
  OpenStack Nova CVE-2012-5625 Local Information Disclosure Vulnerability
- https://bugs.launchpad.net/nova/+bug/1070539
  Bug #1070539 “[OSSA 2012-020] create_lvm_image allocates dirty b...” : Bugs : OpenStack Compute (nova)
Products affected by CVE-2012-5625
- cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*