Back to search
CVE-2016-2140
Published: Apr 12, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.launchpad.net/nova/+bug/1548450
x_refsource_CONFIRM
https://security.openstack.org/ossa/OSSA-2016-007.html
x_refsource_CONFIRM
84277
vdb-entry
x_refsource_BID
[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now