ScaleIO (thin) volumes contain previous data (follow-up to 1699573)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | Fix Released | Undecided | Matan Sabag |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
Bug 1699573 described an issue in the ScaleIO Cinder driver where new volumes can contain data from previously deleted volumes. [1]
We specifically document [2] that this is a security hazard for Cinder, because it means that end-user data can leak between tenants.
The previous bug discussion and fix indicated that this only affects thick-provisioned volumes from ScaleIO. Further investigation indicates that it also affects thin-provisioned volumes, so the fix was not complete.
It appears that we can fix this issue completely by extending the previous fix to not consider thin-provisioned volumes safe, and apply the same logic to thin volumes that we use for thick volumes. This would force ScaleIO zero padding to be enabled in all cases.
I also think this bug merits a Class A rating per the VMT process. [3] I don't see a reason we can't backport the fix to stable releases.
The text of OSSN-0084 [4] makes this more confusing -- the description described this issue as affecting thin volumes, when the fix only affected thick volumes. The Recommended Actions are also incorrect -- enabling zero padding probably* fixes this issue, but swapping to thin volumes is not relevant.
* (I don't have access to a ScaleIO backend to investigate this directly. I'm relying on some brief discussion with ScaleIO maintainers and customer reports.)
[1] https:/
[2] https:/
[3] https:/
[4] http://
Changed in cinder: assignee: nobody → Helen Walsh (walshh2)
Changed in cinder: assignee: Helen Walsh (walshh2) → Matan Sabag (matan-sabag)
Changed in ossa: status: Incomplete → Confirmed
Changed in cinder: status: New → In Progress
Changed in cinder: assignee: Matan Sabag (matan-sabag) → Sean McGinnis (sean-mcginnis)
Changed in cinder: assignee: Sean McGinnis (sean-mcginnis) → Matan Sabag (matan-sabag)
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
Could we subscribe ScaleIO maintainers to this bug?