CVE-2013-7130: OpenStack Nova Live migration can leak root disk into ephemeral storage

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.84811%
Published: 5/17/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: nova
Ecosystem: pip
Vulnerable Versions: < 12.0.0a0
First Patched Version: 12.0.0a0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper file creation logic in _create_images_and_backing, as described in CVE-2013-7130 and confirmed by the patch. The commit diff shows that this function was modified to add conditional handling for ephemeral and swap files, and the original vulnerability description explicitly names this method as the flawed component. When a backing file was missing, the pre-patch code path would use Glance image fetching even for ephemeral storage, leading to cross-user data leaks.
