5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-2140

GHSA ID

GHSA-49jv-37hm-6gfp

EPSS Score

0.56041%

CWE

CWE-200

Published

5/14/2022

Updated

5/14/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-2140

CVE-2016-2140:
OpenStack Nova host data access through resize/migration

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

(GitHub Advisory)

5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-2140

GHSA ID

GHSA-49jv-37hm-6gfp

EPSS Score

0.56041%

CWE

CWE-200

Published

5/14/2022

Updated

5/14/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nova	pip	>= 12.0.0, < 12.0.3	12.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper handling of disk.info metadata during migration/resize operations. The libvirt driver's pre_live_migration function didn't regenerate disk.info, while migrate_disk_and_power_off failed to copy it. This allowed attackers to manipulate disk formats via crafted headers. The patches explicitly address these functions by adding disk.info recreation/copy logic, confirming their role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** li*virt *riv*r in Op*nSt**k *omput* (Nov*) ***or* ****.*.* (kilo) *n* **.*.x ***or* **.*.* (li**rty), w**n usin* r*w stor*** *n* us*_*ow_im***s is s*t to **ls*, *llows r*mot* *ut**nti**t** us*rs to r*** *r*itr*ry *il*s vi* * *r**t** q*ow* *****r

Reasoning

T** vuln*r**ility st*mm** *rom improp*r **n*lin* o* *isk.in*o m*t***t* *urin* mi*r*tion/r*siz* op*r*tions. T** li*virt *riv*r's pr*_liv*_mi*r*tion *un*tion *i*n't r***n*r*t* *isk.in*o, w*il* mi*r*t*_*isk_*n*_pow*r_o** **il** to *opy it. T*is *llow**

5.3

Basic Information

Concerned about an active attack path?

CVE-2016-2140: OpenStack Nova host data access through resize/migration

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2016-2140:
OpenStack Nova host data access through resize/migration

Vulnerability Intelligence
Miggo AI