Cinder

  1. Bug #1350504
  2. Comment #37

Comment 37 for bug 1350504

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote : Re: GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)

@Duncan oups, cinder-coresec indeed :)

Thank you for the review and the clarification on smbfs driver!
Here is the updated impact description:

Title: Cinder-volume host data leak to vm instance
Reporter: Duncan Thomas (HP)
Products: Cinder
Versions: up to 2014.1.2

Description:
Duncan Thomas from Hewlett Packard reported a vulnerability in Cinder GlusterFS and Linux Smbfs driver. By overwriting a volume from within an instance with a malicious qcow2 header, an authenticated user may be able to clone and attach that corrupted volume resulting in affected drivers leaking an arbitrary file from the Cinder-volume host to the virtual instance. Note that the host file must be readable by the Cinder context to be exposed. Only Cinder setups using GlusterFS volume driver configured with glusterfs_qcow2_volumes=False (which is the default) or Cinder setups using Smbfs volume driver configured with smbfs_default_volume_format=raw (which is not the default) are affected.