CVE-2016-2140: OpenStack Nova host data access through resize/migration
5.3
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.56041%
CWE
Published
5/14/2022
Updated
5/14/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nova | pip | >= 12.0.0, < 12.0.3 | 12.0.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from improper handling of disk.info metadata during migration/resize operations. The libvirt driver's pre_live_migration function didn't regenerate disk.info, while migrate_disk_and_power_off failed to copy it. This allowed attackers to manipulate disk formats via crafted headers. The patches explicitly address these functions by adding disk.info recreation/copy logic, confirming their role in the vulnerability.