High severityNVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026
CVE-2013-7130
CVE-2013-7130
Description
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | < 12.0.0a0 | 12.0.0a0 |
Affected products
8cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.3:*:*:*:*:*:*:*
Patches
315ee7e17f63flibvirt: Fix root disk leak in live mig
2 files changed · +64 −7
nova/tests/virt/libvirt/test_libvirt.py+42 −0 modified@@ -3047,6 +3047,48 @@ def test_create_images_and_backing(self): conn._create_images_and_backing(self.context, self.test_instance, "/fake/instance/dir", disk_info_json) + def test_create_images_and_backing_ephemeral_gets_created(self): + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + disk_info_json = jsonutils.dumps( + [{u'backing_file': u'fake_image_backing_file', + u'disk_size': 10747904, + u'path': u'disk_path', + u'type': u'qcow2', + u'virt_disk_size': 25165824}, + {u'backing_file': u'ephemeral_1_default', + u'disk_size': 393216, + u'over_committed_disk_size': 1073348608, + u'path': u'disk_eph_path', + u'type': u'qcow2', + u'virt_disk_size': 1073741824}]) + + base_dir = os.path.join(CONF.instances_path, + CONF.base_dir_name) + self.test_instance.update({'name': 'fake_instance', + 'user_id': 'fake-user', + 'os_type': None, + 'project_id': 'fake-project'}) + + with contextlib.nested( + mock.patch.object(conn, '_fetch_instance_kernel_ramdisk'), + mock.patch.object(libvirt_driver.libvirt_utils, 'fetch_image'), + mock.patch.object(conn, '_create_ephemeral') + ) as (fetch_kernel_ramdisk_mock, fetch_image_mock, + create_ephemeral_mock): + conn._create_images_and_backing(self.context, self.test_instance, + "/fake/instance/dir", + disk_info_json) + self.assertEqual(len(create_ephemeral_mock.call_args_list), 1) + m_args, m_kwargs = create_ephemeral_mock.call_args_list[0] + self.assertEqual( + os.path.join(base_dir, 'ephemeral_1_default'), + m_kwargs['target']) + self.assertEqual(len(fetch_image_mock.call_args_list), 1) + m_args, m_kwargs = fetch_image_mock.call_args_list[0] + self.assertEqual( + os.path.join(base_dir, 'fake_image_backing_file'), + m_kwargs['target']) + def test_create_images_and_backing_disk_info_none(self): conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
nova/virt/libvirt/driver.py+22 −7 modified@@ -4210,13 +4210,28 @@ def _create_images_and_backing(self, context, instance, instance_dir, image = self.image_backend.image(instance, instance_disk, CONF.libvirt_images_type) - image.cache(fetch_func=libvirt_utils.fetch_image, - context=context, - filename=cache_name, - image_id=instance['image_ref'], - user_id=instance['user_id'], - project_id=instance['project_id'], - size=info['virt_disk_size']) + if cache_name.startswith('ephemeral'): + image.cache(fetch_func=self._create_ephemeral, + fs_label=cache_name, + os_type=instance["os_type"], + filename=cache_name, + size=info['virt_disk_size'], + ephemeral_size=instance['ephemeral_gb']) + elif cache_name.startswith('swap'): + inst_type = flavors.extract_flavor(instance) + swap_mb = inst_type['swap'] + image.cache(fetch_func=self._create_swap, + filename="swap_%s" % swap_mb, + size=swap_mb * (1024 ** 2), + swap_mb=swap_mb) + else: + image.cache(fetch_func=libvirt_utils.fetch_image, + context=context, + filename=cache_name, + image_id=instance['image_ref'], + user_id=instance['user_id'], + project_id=instance['project_id'], + size=info['virt_disk_size']) # if image has kernel and ramdisk, just download # following normal way.
b0d36683fe06libvirt: Fix root disk leak in live mig
2 files changed · +64 −7
nova/tests/virt/libvirt/test_libvirt.py+42 −0 modified@@ -3361,6 +3361,48 @@ def test_create_images_and_backing_qcow2(self): def test_create_images_and_backing_raw(self): self._do_test_create_images_and_backing('raw') + def test_create_images_and_backing_ephemeral_gets_created(self): + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + disk_info_json = jsonutils.dumps( + [{u'backing_file': u'fake_image_backing_file', + u'disk_size': 10747904, + u'path': u'disk_path', + u'type': u'qcow2', + u'virt_disk_size': 25165824}, + {u'backing_file': u'ephemeral_1_default', + u'disk_size': 393216, + u'over_committed_disk_size': 1073348608, + u'path': u'disk_eph_path', + u'type': u'qcow2', + u'virt_disk_size': 1073741824}]) + + base_dir = os.path.join(CONF.instances_path, + CONF.image_cache_subdirectory_name) + self.test_instance.update({'name': 'fake_instance', + 'user_id': 'fake-user', + 'os_type': None, + 'project_id': 'fake-project'}) + + with contextlib.nested( + mock.patch.object(conn, '_fetch_instance_kernel_ramdisk'), + mock.patch.object(libvirt_driver.libvirt_utils, 'fetch_image'), + mock.patch.object(conn, '_create_ephemeral') + ) as (fetch_kernel_ramdisk_mock, fetch_image_mock, + create_ephemeral_mock): + conn._create_images_and_backing(self.context, self.test_instance, + "/fake/instance/dir", + disk_info_json) + self.assertEqual(len(create_ephemeral_mock.call_args_list), 1) + m_args, m_kwargs = create_ephemeral_mock.call_args_list[0] + self.assertEqual( + os.path.join(base_dir, 'ephemeral_1_default'), + m_kwargs['target']) + self.assertEqual(len(fetch_image_mock.call_args_list), 1) + m_args, m_kwargs = fetch_image_mock.call_args_list[0] + self.assertEqual( + os.path.join(base_dir, 'fake_image_backing_file'), + m_kwargs['target']) + def test_create_images_and_backing_disk_info_none(self): conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
nova/virt/libvirt/driver.py+22 −7 modified@@ -4387,13 +4387,28 @@ def _create_images_and_backing(self, context, instance, instance_dir, image = self.image_backend.image(instance, instance_disk, CONF.libvirt.images_type) - image.cache(fetch_func=libvirt_utils.fetch_image, - context=context, - filename=cache_name, - image_id=instance['image_ref'], - user_id=instance['user_id'], - project_id=instance['project_id'], - size=info['virt_disk_size']) + if cache_name.startswith('ephemeral'): + image.cache(fetch_func=self._create_ephemeral, + fs_label=cache_name, + os_type=instance["os_type"], + filename=cache_name, + size=info['virt_disk_size'], + ephemeral_size=instance['ephemeral_gb']) + elif cache_name.startswith('swap'): + inst_type = flavors.extract_flavor(instance) + swap_mb = inst_type['swap'] + image.cache(fetch_func=self._create_swap, + filename="swap_%s" % swap_mb, + size=swap_mb * units.Mi, + swap_mb=swap_mb) + else: + image.cache(fetch_func=libvirt_utils.fetch_image, + context=context, + filename=cache_name, + image_id=instance['image_ref'], + user_id=instance['user_id'], + project_id=instance['project_id'], + size=info['virt_disk_size']) # if image has kernel and ramdisk, just download # following normal way.
cbeb5e51886blibvirt: Fix root disk leak in live mig
2 files changed · +85 −9
nova/tests/test_libvirt.py+63 −0 modified@@ -2346,6 +2346,69 @@ def fake_lookup(instance_name): db.instance_destroy(self.context, instance_ref['uuid']) + def test_create_images_and_backing(self): + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk') + self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image') + + libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(), + mox.IgnoreArg(), + mox.IgnoreArg()) + conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance) + self.mox.ReplayAll() + + self.stubs.Set(os.path, 'exists', lambda *args: False) + disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None, + 'disk_size': 0, + 'backing_file': None}]) + conn._create_images_and_backing(self.context, self.test_instance, + "/fake/instance/dir", disk_info_json) + + def test_create_images_and_backing_ephemeral_gets_created(self): + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + disk_info_json = jsonutils.dumps( + [{u'backing_file': u'fake_image_backing_file', + u'disk_size': 10747904, + u'path': u'disk_path', + u'type': u'qcow2', + u'virt_disk_size': 25165824}, + {u'backing_file': u'ephemeral_1_default', + u'disk_size': 393216, + u'over_committed_disk_size': 1073348608, + u'path': u'disk_eph_path', + u'type': u'qcow2', + u'virt_disk_size': 1073741824}]) + + base_dir = os.path.join(CONF.instances_path, '_base') + ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default') + image_target = os.path.join(base_dir, 'fake_image_backing_file') + self.test_instance.update({'name': 'fake_instance', + 'user_id': 'fake-user', + 'os_type': None, + 'project_id': 'fake-project'}) + + self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image') + self.mox.StubOutWithMock(conn, '_create_ephemeral') + self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk') + + conn._create_ephemeral( + target=ephemeral_target, + ephemeral_size=self.test_instance['ephemeral_gb'], + max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(), + fs_label=mox.IgnoreArg()) + libvirt_driver.libvirt_utils.fetch_image(context=self.context, + image_id=mox.IgnoreArg(), + user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(), + max_size=mox.IgnoreArg(), target=image_target) + conn._fetch_instance_kernel_ramdisk( + self.context, self.test_instance).AndReturn(None) + + self.mox.ReplayAll() + + conn._create_images_and_backing(self.context, self.test_instance, + "/fake/instance/dir", + disk_info_json) + def test_pre_live_migration_works_correctly_mocked(self): # Creating testdata vol = {'block_device_mapping': [
nova/virt/libvirt/driver.py+22 −9 modified@@ -3304,19 +3304,32 @@ def _create_images_and_backing(self, ctxt, instance, instance_dir, elif info['backing_file']: # Creating backing file follows same way as spawning instances. cache_name = os.path.basename(info['backing_file']) - # Remove any size tags which the cache manages - cache_name = cache_name.split('_')[0] image = self.image_backend.image(instance, instance_disk, CONF.libvirt_images_type) - image.cache(fetch_func=libvirt_utils.fetch_image, - context=ctxt, - filename=cache_name, - image_id=instance['image_ref'], - user_id=instance['user_id'], - project_id=instance['project_id'], - size=info['virt_disk_size']) + if cache_name.startswith('ephemeral'): + image.cache(fetch_func=self._create_ephemeral, + fs_label=cache_name, + os_type=instance["os_type"], + filename=cache_name, + size=info['virt_disk_size'], + ephemeral_size=instance['ephemeral_gb']) + elif cache_name.startswith('swap'): + inst_type = instance_types.extract_instance_type(instance) + swap_mb = inst_type['swap'] + image.cache(fetch_func=self._create_swap, + filename="swap_%s" % swap_mb, + size=swap_mb * (1024 ** 2), + swap_mb=swap_mb) + else: + image.cache(fetch_func=libvirt_utils.fetch_image, + context=ctxt, + filename=cache_name, + image_id=instance['image_ref'], + user_id=instance['user_id'], + project_id=instance['project_id'], + size=info['virt_disk_size']) # if image has kernel and ramdisk, just download # following normal way.
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
22- review.openstack.orgnvdPatch
- review.openstack.orgnvdPatch
- secunia.com/advisories/56450nvdVendor Advisory
- github.com/advisories/GHSA-99rx-9x8v-9j8pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-7130ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.htmlnvdWEB
- osvdb.org/102416nvdWEB
- rhn.redhat.com/errata/RHSA-2014-0231.htmlnvdWEB
- www.openwall.com/lists/oss-security/2014/01/23/5nvdWEB
- www.ubuntu.com/usn/USN-2247-1nvdWEB
- bugs.launchpad.net/nova/+bug/1251590nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/90652nvdWEB
- github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9ghsaWEB
- github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1ghsaWEB
- github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yamlghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- www.securityfocus.com/bid/65106nvd
- review.openstack.orgnvd
News mentions
0No linked articles in our index yet.