1205313 – (CVE-2015-2687) CVE-2015-2687 openstack-nova: information leak when live-migration failed

Bug 1205313 (CVE-2015-2687) - CVE-2015-2687 openstack-nova: information leak when live-migration failed

Summary: CVE-2015-2687 openstack-nova: information leak when live-migration failed

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-2687
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1205314 1205315
Blocks:	1205318
TreeView+	depends on / blocked

Reported:	2015-03-24 16:36 UTC by Vasyl Kaigorodov
Modified:	2021-10-20 10:50 UTC (History)
CC List:	33 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:50:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2015-03-24 16:36:19 UTC

It was reported that under certain conditions (when live migrations fails), an attacker can access other VMs volumes, which under normal conditions he should not be able to access:
https://bugs.launchpad.net/nova/+bug/1419577

CVE has been assigned here: http://seclists.org/oss-sec/2015/q1/990
No patches are available at the time of writing.

Comment 1 Vasyl Kaigorodov 2015-03-24 16:36:55 UTC

Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1205314]
Affects: openstack-rdo [bug 1205315]

Note You need to log in before you can comment on or make changes to this bug.

abaron
akscram
alexander.sakhnov
apevec
apevec
berrange
bfilippov
carnil
chrisw
dallan
dasmith
davidx
eglynn
gkotton
gmollett
itamar
jonathansteffan
jose.castro.leon
kchamart
lhh
lpeer
markmc
mlvov
mmagr
p
rbryant
rk
sbauza
sclewis
sgordon
srevivo
vladanovic
vromanso