Bug 1599899 (CVE-2017-15139) - CVE-2017-15139 openstack-cinder: Data retained after deletion of a ScaleIO volume
Summary: CVE-2017-15139 openstack-cinder: Data retained after deletion of a ScaleIO vo...
Alias: CVE-2017-15139
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1610143 1610144 1610145 1610146 1610147 1610148 1622250
Blocks: 1599900
TreeView+ depends on / blocked
Reported: 2018-07-10 21:27 UTC by Pedro Sampaio
Modified: 2022-04-14 18:05 UTC (History)
31 users (show)

Fixed In Version: cinder 10.0.8, cinder, cinder 12.04
Doc Type: If docs needed, set a value
Doc Text:
An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive information.
Clone Of:
Last Closed: 2019-06-10 10:32:20 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1699573 0 None None None 2018-10-03 02:02:22 UTC
Launchpad 1784871 0 None None None 2018-10-03 02:01:53 UTC
OpenStack gerrit 592001 0 'None' MERGED ScaleIO: Disable volume creation without padding 2020-09-18 22:23:16 UTC
OpenStack gerrit 593694 0 'None' MERGED ScaleIO: Deprecate sio_allow_non_padded_thick_volumes 2020-09-18 22:23:19 UTC
OpenStack gerrit 596658 0 'None' MERGED Fixed invalid number of arguments bug in ScaleIO driver 2020-09-18 22:23:19 UTC
Red Hat Product Errata RHSA-2018:3601 0 None None None 2018-11-13 22:13:47 UTC
Red Hat Product Errata RHSA-2019:0917 0 None None None 2019-04-30 16:58:38 UTC

Description Pedro Sampaio 2018-07-10 21:27:57 UTC
Certain storage volume configurations allow newly created volumes to contain previous data. This could lead to leakage of sensitive information between tenants.

Affected Services / Software
Cinder releases up to and including Queens with ScaleIO volumes using thin volumes and zero padding.

External references:


Upstream bug:


Comment 3 Summer Long 2018-07-31 00:20:49 UTC
The 2018 upstream fix prevents the creation of thick volumes with disabled zero padding by default (although can be overridden with config option, sio_allow_non_padded_thick_volumes).  
Note: fix is in 13 dev milestone, to be released with Rocky.

Comment 6 Summer Long 2018-07-31 04:14:17 UTC
Created openstack-cinder tracking bugs for this issue:

Affects: openstack-rdo [bug 1610143]

Comment 18 Summer Long 2018-08-20 00:22:20 UTC
Upstream bug for thin volumes: https://bugs.launchpad.net/cinder/+bug/1784871
Upstream patch (scaleIO):https://review.openstack.org/#/c/592001/ 
Upstream rocky (not merged yet): https://review.openstack.org/593188

Comment 22 Summer Long 2018-08-21 23:35:15 UTC
Next patch: https://review.openstack.org/#/c/593694/

Comment 23 Summer Long 2018-08-28 00:33:07 UTC
Upstream queens: https://review.openstack.org/596879

Comment 24 Summer Long 2018-09-11 23:04:24 UTC
Upstream pike: https://review.openstack.org/601681

Comment 25 Summer Long 2018-09-21 00:35:49 UTC
Upstream ocata: https://review.openstack.org/#/c/604105/

Comment 26 Summer Long 2018-10-02 01:30:07 UTC
Upstream newton: https://review.openstack.org/#/c/606130/

Comment 28 Summer Long 2018-10-10 02:18:15 UTC

This flaw only affects Red Hat OpenStack Platform deployments which use the third-party EMC ScaleIO driver plugin. To mitigate this flaw, ensure all volumes use zero-padding by updating the ScaleIO storage-pool policy. 
Note: Only an empty pool's policy can be changed.

scli --modify_zero_padding_policy
   (((--protection_domain_id <ID> |
   --protection_domain_name <NAME>)
   --storage_pool_name <NAME>) | --storage_pool_id <ID>)
   (--enable_zero_padding | --disable_zero_padding)

scli --modify_zero_padding_policy
--protection_domain_name pd10 --storage_pool_name scale1

Comment 30 Summer Long 2018-10-16 01:52:08 UTC

With this update, disabled zero-padding is no longer the default for new volumes. Users can override this behavior by setting the new configuration item, "sio_allow_non_padded_volumes=True". However, the default should not be overridden if multiple tenants will be using volumes from a shared Storage Pool.

Comment 31 errata-xmlrpc 2018-11-13 22:13:31 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2018:3601

Comment 33 Sofia Enriquez 2019-01-25 22:46:52 UTC
Tomas, sorry for the wrong update. 
OpenStack Vulnerability Management Team keep the bug is still only in the "Confirmed" state.
OpenStack Gerrit 592001, 593694 and 596658 were already backported to OSP10.

Comment 34 errata-xmlrpc 2019-04-30 16:58:37 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0917 https://access.redhat.com/errata/RHSA-2019:0917

Comment 35 arkady kanevsky 2019-05-10 19:28:40 UTC
1.	What specific Red Hat OpenStack Platform version to validate? From the bug, https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 , the fix is in ‘cinder 10.0.8,  cinder, cinder 12.04’, but I’m not sure what version we’re talking about.
2.	What specific ScaleIO/VxFlexOS array version to validate?
3.	What specific ScaleIO/VxFlexOS deployment option to validate, although I think 2-layer should be good for validate the fix.
•	2-layer storage? This is when the ScaleIO/VxFlexOS Storage is installed in separate servers outside of Openstack nodes.
•	Or Hyperconverged? This is when the Openstack and storage is installed in the same servers.

Note You need to log in before you can comment on or make changes to this bug.