CVE-2016-2140
CVSS V2 Low 3.5
CVSS V3 Medium 5.3
Description
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
Overview
- CVE ID
- CVE-2016-2140
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2016-04-12T14:59:10
- Last Modified Date
- 2023-02-13T04:50:04
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:* | 1 | OR | 12.0.0 | 12.0.3 |
| cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:* | 1 | OR | 2015.1.0 | 2015.1.4 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:S/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 3.5
- Severity
- LOW
- Exploitability Score
- 6.8
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- HIGH
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 5.3
- Base Severity
- MEDIUM
- Exploitability Score
- 1.6
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| http://seclists.org/oss-sec/2016/q1/563 | |
| http://www.openwall.com/lists/oss-security/2016/03/08/6 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/84277 | Third Party Advisory VDB Entry |
| https://access.redhat.com/errata/RHSA-2016:0363 | |
| https://access.redhat.com/errata/RHSA-2016:0364 | |
| https://access.redhat.com/errata/RHSA-2016:0365 | |
| https://access.redhat.com/errata/RHSA-2016:0366 | |
| https://access.redhat.com/security/cve/CVE-2016-2140 | |
| https://bugs.launchpad.net/nova/+bug/1548450 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1313454 | |
| https://security.openstack.org/ossa/OSSA-2016-007.html | Patch Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2016-2140 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 17:52:25 | Added to TrackCVE | |||
| 2022-12-02 08:53:47 | 2016-04-12T14:59Z | 2016-04-12T14:59:10 | CVE Published Date | updated |
| 2022-12-02 08:53:47 | 2018-11-16T15:17:51 | CVE Modified Date | updated | |
| 2022-12-02 08:53:47 | Analyzed | Vulnerability Status | updated | |
| 2023-02-02 16:05:29 | 2023-02-02T15:17:07 | CVE Modified Date | updated | |
| 2023-02-02 16:05:29 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 16:05:29 | The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. | Description | updated |
| 2023-02-02 16:05:30 | References | updated | ||
| 2023-02-13 05:06:50 | 2023-02-13T04:50:04 | CVE Modified Date | updated | |
| 2023-02-13 05:06:50 | An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. | The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | Description | updated |