Thanks for the clarification, I've confirmed the OSSA task. Matthew, about ceph, lvm, ... does it also triggers even with use_cow_images = True ?
Here is a first draft for the impact description:
Title: Nova host data leak through snapshot
Reporter: Matthew Booth (Red Hat)
Products: Nova
Versions: <=2015.1.2, ==12.0.0
Description:
Matthew Booth from Red Hat reported a vulnerability in Nova instance snapshot. By overwriting the disk inside an instance with a malicious image and requesting a snapshot, an authenticated user would be able to read an arbitrary file from the compute host. Note that the host file needs to be readable by the libvirt/kvm context to be exposed, lvm image backend run as root user, other backends run as nova user. Only setups using libvirt to spawn instance, and having "use_cow_images = False" in Nova configuration are affected.
Thanks for the clarification, I've confirmed the OSSA task. Matthew, about ceph, lvm, ... does it also triggers even with use_cow_images = True ?
Here is a first draft for the impact description:
Title: Nova host data leak through snapshot
Reporter: Matthew Booth (Red Hat)
Products: Nova
Versions: <=2015.1.2, ==12.0.0
Description:
Matthew Booth from Red Hat reported a vulnerability in Nova instance snapshot. By overwriting the disk inside an instance with a malicious image and requesting a snapshot, an authenticated user would be able to read an arbitrary file from the compute host. Note that the host file needs to be readable by the libvirt/kvm context to be exposed, lvm image backend run as root user, other backends run as nova user. Only setups using libvirt to spawn instance, and having "use_cow_images = False" in Nova configuration are affected.