CVE-2013-7130
OpenStack Nova Live migration can leak root disk into ephemeral storage
7.5
HIGH
CVSS 3.1
EPSS 3.1%
Description
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
How to fix CVE-2013-7130
To remediate CVE-2013-7130, upgrade the affected package to a fixed version below.
- —upgrade to 2013.2.2 or later
- —upgrade to 12.0.0a0 or later
- —upgrade to 12.0.0a0 or later
Is CVE-2013-7130 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2013.2.2
- from 0, < 12.0.0a0
- from 0, < 12.0.0a0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |