Miggo Logo

CVE-2016-2140: OpenStack Nova host data access through resize/migration

5.3

CVSS Score
3.0

Basic Information

EPSS Score
0.56041%
Published
5/14/2022
Updated
5/14/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
novapip>= 12.0.0, < 12.0.312.0.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper handling of disk.info metadata during migration/resize operations. The libvirt driver's pre_live_migration function didn't regenerate disk.info, while migrate_disk_and_power_off failed to copy it. This allowed attackers to manipulate disk formats via crafted headers. The patches explicitly address these functions by adding disk.info recreation/copy logic, confirming their role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** li*virt *riv*r in Op*nSt**k *omput* (Nov*) ***or* ****.*.* (kilo) *n* **.*.x ***or* **.*.* (li**rty), w**n usin* r*w stor*** *n* us*_*ow_im***s is s*t to **ls*, *llows r*mot* *ut**nti**t** us*rs to r*** *r*itr*ry *il*s vi* * *r**t** q*ow* *****r

Reasoning

T** vuln*r**ility st*mm** *rom improp*r **n*lin* o* *isk.in*o m*t***t* *urin* mi*r*tion/r*siz* op*r*tions. T** li*virt *riv*r's pr*_liv*_mi*r*tion *un*tion *i*n't r***n*r*t* *isk.in*o, w*il* mi*r*t*_*isk_*n*_pow*r_o** **il** to *opy it. T*is *llow**