Bug 1205313 (CVE-2015-2687) - CVE-2015-2687 openstack-nova: information leak when live-migration failed
Summary: CVE-2015-2687 openstack-nova: information leak when live-migration failed
Status: NEW
Alias: CVE-2015-2687
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1205314 1205315
Blocks: 1205318
TreeView+ depends on / blocked
Reported: 2015-03-24 16:36 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:30 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-03-24 16:36:19 UTC
It was reported that under certain conditions (when live migrations fails), an attacker can access other VMs volumes, which under normal conditions he should not be able to access:

CVE has been assigned here: http://seclists.org/oss-sec/2015/q1/990
No patches are available at the time of writing.

Comment 1 Vasyl Kaigorodov 2015-03-24 16:36:55 UTC
Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1205314]
Affects: openstack-rdo [bug 1205315]

Note You need to log in before you can comment on or make changes to this bug.