qcow format could expose host filesystem information
Description
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenStack Nova before 2012.1 allows guest access to host files via malformed qcow images with backing file references.
Vulnerability
CVE-2011-3147 is a path traversal vulnerability in OpenStack Nova (Compute) versions prior to the 2012.1 release. The root cause is that Nova did not validate or sanitize qcow (QEMU Copy-On-Write) disk images for the presence of a 'backing file' reference. A maliciously crafted qcow image can specify an arbitrary host file (e.g., /etc/shadow) as its backing store, causing QEMU to expose the contents of that host file to the guest operating system when the instance is launched [1][3].
Exploitation
To exploit this flaw, an attacker must have the ability to upload a qcow2 image to the Nova image service and subsequently launch an instance using that image. The vulnerability is contingent on the Nova configuration parameter use_cow_images being set to True (the default in some deployments), which allows QEMU to process the qcow2 format with its backing file chain. If use_cow_images is False, the disk is treated as raw and the vulnerable QEMU code path is not triggered [3]. The attacker does not need any prior authentication to the hypervisor host, but does need credentials for the OpenStack API to upload images and start instances.
Impact
Successful exploitation leads to unauthorized disclosure of sensitive host files to the guest operating system. An attacker could read arbitrary files accessible by the libvirt-qemu user on the hypervisor, including system configuration files, credentials, or other tenant instance disks. This completely violates the isolation model of multi-tenant cloud environments and could enable further compromise of the host or other instances [3].
Mitigation
The vulnerability was fixed in Nova 2012.1 (Essex) by the commit ff9d353b2f4fee469e530fbc8dc231a41f6fed84 [2]. The fix introduces a new function fetch_to_raw that, for any non-raw image, uses qemu-img info to inspect the image format and backing file. If a backing file is detected, the image is rejected as 'Dangerous' and the instance launch fails [2]. Additionally, all non-raw images are converted to the raw format before being cached on the compute node, eliminating the risk of QEMU following backing file chains. Administrators should upgrade to Nova 2012.1 or later, or apply the patch. Setting use_cow_images=False as a workaround also mitigates the vulnerability, though it may have performance implications [3].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | < 12.0.0a0 | 12.0.0a0 |
Affected products
2Patches
1ff9d353b2f4fconvert images that are not 'raw' to 'raw' during caching to node
2 files changed · +56 −1
nova/virt/images.py+55 −0 modified@@ -21,6 +21,9 @@ Handling of VM disk images. """ +import os + +from nova import exception from nova import flags from nova.image import glance as glance_image_service import nova.image @@ -42,3 +45,55 @@ def fetch(context, image_href, path, _user_id, _project_id): with open(path, "wb") as image_file: metadata = image_service.get(context, image_id, image_file) return metadata + + +def fetch_to_raw(context, image_href, path, _user_id, _project_id): + path_tmp = "%s.part" % path + metadata = fetch(context, image_href, path_tmp, _user_id, _project_id) + + def _qemu_img_info(path): + + out, err = utils.execute('qemu-img', 'info', path) + + # output of qemu-img is 'field: value' + # the fields of interest are 'file format' and 'backing file' + data = {} + for line in out.splitlines(): + (field, val) = line.split(':', 1) + if val[0] == " ": + val = val[1:] + data[field] = val + + return(data) + + data = _qemu_img_info(path_tmp) + + fmt = data.get("file format", None) + if fmt == None: + raise exception.ImageUnacceptable( + reason="'qemu-img info' parsing failed.", image_id=image_href) + + if fmt != "raw": + staged = "%s.converted" % path + if "backing file" in data: + raise exception.ImageUnacceptable(image_id=image_href, + reason="Dangerous! fmt=%s with backing file: %s" % + (fmt, data['backing file'])) + + LOG.debug("%s was %s, converting to raw" % (image_href, fmt)) + out, err = utils.execute('qemu-img', 'convert', '-O', 'raw', + path_tmp, staged) + os.unlink(path_tmp) + + data = _qemu_img_info(staged) + if data.get('file format', None) != "raw": + raise exception.ImageUnacceptable(image_id=image_href, + reason="Dangerous! Converted to raw, but format is now %s" % + data.get('file format', None)) + + os.rename(staged, path) + + else: + os.rename(path_tmp, path) + + return metadata
nova/virt/libvirt/connection.py+1 −1 modified@@ -769,7 +769,7 @@ def call_if_not_exists(base, fn, *args, **kwargs): def _fetch_image(self, context, target, image_id, user_id, project_id, size=None): """Grab image and optionally attempt to resize it""" - images.fetch(context, image_id, target, user_id, project_id) + images.fetch_to_raw(context, image_id, target, user_id, project_id) if size: disk.extend(target, size)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-hqfx-4x4w-vmwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-3147ghsaADVISORY
- bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604ghsax_refsource_MISCWEB
- bugs.launchpad.net/nova/+bug/853330ghsaWEB
- github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84ghsaWEB
News mentions
0No linked articles in our index yet.