Moderate severityNVD Advisory· Published Jun 25, 2015· Updated May 6, 2026
CVE-2015-1851
CVE-2015-1851
Description
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cinderPyPI | < 7.0.0a0 | 7.0.0a0 |
Affected products
6- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Patches
4b1143ee45323Disallow backing files when uploading volumes to image
2 files changed · +20 −2
cinder/image/image_utils.py+14 −0 modified@@ -354,6 +354,20 @@ def upload_volume(context, image_service, image_meta, volume_path, with temporary_file() as tmp: LOG.debug("%s was %s, converting to %s", image_id, volume_format, image_meta['disk_format']) + + data = qemu_img_info(volume_path, run_as_root=run_as_root) + backing_file = data.backing_file + fmt = data.file_format + if backing_file is not None: + # Disallow backing files as a security measure. + # This prevents a user from writing an image header into a raw + # volume with a backing file pointing to data they wish to + # access. + raise exception.ImageUnacceptable( + image_id=image_id, + reason=_("fmt=%(fmt)s backed by:%(backing_file)s") + % {'fmt': fmt, 'backing_file': backing_file}) + convert_image(volume_path, tmp, image_meta['disk_format'], run_as_root=run_as_root)
cinder/tests/unit/test_image_utils.py+6 −2 modified@@ -381,6 +381,7 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info, mock_os.name = 'posix' data = mock_info.return_value data.file_format = mock.sentinel.disk_format + data.backing_file = None temp_file = mock_temp.return_value.__enter__.return_value output = image_utils.upload_volume(ctxt, image_service, image_meta, @@ -391,7 +392,8 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info, temp_file, mock.sentinel.disk_format, run_as_root=True) - mock_info.assert_called_once_with(temp_file, run_as_root=True) + mock_info.assert_called_with(temp_file, run_as_root=True) + self.assertEqual(mock_info.call_count, 2) mock_open.assert_called_once_with(temp_file, 'rb') image_service.update.assert_called_once_with( ctxt, image_meta['id'], {}, @@ -470,6 +472,7 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info, mock_os.name = 'posix' data = mock_info.return_value data.file_format = mock.sentinel.other_disk_format + data.backing_file = None temp_file = mock_temp.return_value.__enter__.return_value self.assertRaises(exception.ImageUnacceptable, @@ -479,7 +482,8 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info, temp_file, mock.sentinel.disk_format, run_as_root=True) - mock_info.assert_called_once_with(temp_file, run_as_root=True) + mock_info.assert_called_with(temp_file, run_as_root=True) + self.assertEqual(mock_info.call_count, 2) self.assertFalse(image_service.update.called)
bc0549e08b01Disallow backing files when uploading volumes to image
2 files changed · +22 −0
cinder/image/image_utils.py+14 −0 modified@@ -251,6 +251,20 @@ def upload_volume(context, image_service, image_meta, volume_path, with fileutils.remove_path_on_error(tmp): LOG.debug("%s was %s, converting to %s" % (image_id, volume_format, image_meta['disk_format'])) + + data = qemu_img_info(volume_path) + backing_file = data.backing_file + fmt = data.file_format + if backing_file is not None: + # Disallow backing files as a security measure. + # This prevents a user from writing an image header into a raw + # volume with a backing file pointing to data they wish to + # access. + raise exception.ImageUnacceptable( + image_id=image_id, + reason=_("fmt=%(fmt)s backed by:%(backing_file)s") + % {'fmt': fmt, 'backing_file': backing_file}) + convert_image(volume_path, tmp, image_meta['disk_format']) data = qemu_img_info(tmp)
cinder/tests/test_image_utils.py+8 −0 modified@@ -396,6 +396,10 @@ def test_upload_volume(self): m = self._mox m.StubOutWithMock(utils, 'execute') + utils.execute( + 'env', 'LC_ALL=C', 'qemu-img', 'info', + mox.IgnoreArg(), run_as_root=True).AndReturn( + (TEST_RET, 'ignored')) utils.execute('qemu-img', 'convert', '-O', 'qcow2', mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True) utils.execute( @@ -434,6 +438,10 @@ def test_upload_volume_on_error(self): m = self._mox m.StubOutWithMock(utils, 'execute') + utils.execute( + 'env', 'LC_ALL=C', 'qemu-img', 'info', + mox.IgnoreArg(), run_as_root=True).AndReturn( + (TEST_RET, 'ignored')) utils.execute('qemu-img', 'convert', '-O', 'qcow2', mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True) utils.execute(
d31c937c5660Disallow backing files when uploading volumes to image
2 files changed · +27 −0
cinder/image/image_utils.py+14 −0 modified@@ -312,6 +312,20 @@ def upload_volume(context, image_service, image_meta, volume_path, with fileutils.remove_path_on_error(tmp): LOG.debug("%s was %s, converting to %s" % (image_id, volume_format, image_meta['disk_format'])) + + data = qemu_img_info(volume_path) + backing_file = data.backing_file + fmt = data.file_format + if backing_file is not None: + # Disallow backing files as a security measure. + # This prevents a user from writing an image header into a raw + # volume with a backing file pointing to data they wish to + # access. + raise exception.ImageUnacceptable( + image_id=image_id, + reason=_("fmt=%(fmt)s backed by:%(backing_file)s") + % {'fmt': fmt, 'backing_file': backing_file}) + convert_image(volume_path, tmp, image_meta['disk_format'], bps_limit=CONF.volume_copy_bps_limit)
cinder/tests/test_image_utils.py+13 −0 modified@@ -462,6 +462,10 @@ def test_upload_volume(self, mock_stat, bps_limit=0): volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(), bps_limit).AndReturn(prefix) + utils.execute( + 'env', 'LC_ALL=C', 'qemu-img', 'info', + mox.IgnoreArg(), run_as_root=True).AndReturn( + (TEST_RET, 'ignored')) utils.execute(*cmd, run_as_root=True) utils.execute( 'env', 'LC_ALL=C', 'qemu-img', 'info', @@ -497,6 +501,11 @@ def test_upload_volume_with_bps_limit(self, mock_stat): volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(), bps_limit).AndReturn(prefix) + + utils.execute( + 'env', 'LC_ALL=C', 'qemu-img', 'info', + mox.IgnoreArg(), run_as_root=True).AndReturn( + (TEST_RET, 'ignored')) utils.execute(*cmd, run_as_root=True) utils.execute( 'env', 'LC_ALL=C', 'qemu-img', 'info', @@ -534,6 +543,10 @@ def test_upload_volume_on_error(self, mock_stat): m.StubOutWithMock(utils, 'execute') m.StubOutWithMock(volume_utils, 'check_for_odirect_support') + utils.execute( + 'env', 'LC_ALL=C', 'qemu-img', 'info', + mox.IgnoreArg(), run_as_root=True).AndReturn( + (TEST_RET, 'ignored')) utils.execute('qemu-img', 'convert', '-O', 'qcow2', mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True) utils.execute(
9634b76ba588Disallow backing files when uploading volumes to image
2 files changed · +20 −2
cinder/image/image_utils.py+14 −0 modified@@ -344,6 +344,20 @@ def upload_volume(context, image_service, image_meta, volume_path, with temporary_file() as tmp: LOG.debug("%s was %s, converting to %s", image_id, volume_format, image_meta['disk_format']) + + data = qemu_img_info(volume_path, run_as_root=run_as_root) + backing_file = data.backing_file + fmt = data.file_format + if backing_file is not None: + # Disallow backing files as a security measure. + # This prevents a user from writing an image header into a raw + # volume with a backing file pointing to data they wish to + # access. + raise exception.ImageUnacceptable( + image_id=image_id, + reason=_("fmt=%(fmt)s backed by:%(backing_file)s") + % {'fmt': fmt, 'backing_file': backing_file}) + convert_image(volume_path, tmp, image_meta['disk_format'], run_as_root=run_as_root)
cinder/tests/test_image_utils.py+6 −2 modified@@ -381,6 +381,7 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info, mock_os.name = 'posix' data = mock_info.return_value data.file_format = mock.sentinel.disk_format + data.backing_file = None temp_file = mock_temp.return_value.__enter__.return_value output = image_utils.upload_volume(ctxt, image_service, image_meta, @@ -391,7 +392,8 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info, temp_file, mock.sentinel.disk_format, run_as_root=True) - mock_info.assert_called_once_with(temp_file, run_as_root=True) + mock_info.assert_called_with(temp_file, run_as_root=True) + self.assertEqual(mock_info.call_count, 2) mock_open.assert_called_once_with(temp_file, 'rb') image_service.update.assert_called_once_with( ctxt, image_meta['id'], {}, @@ -470,6 +472,7 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info, mock_os.name = 'posix' data = mock_info.return_value data.file_format = mock.sentinel.other_disk_format + data.backing_file = None temp_file = mock_temp.return_value.__enter__.return_value self.assertRaises(exception.ImageUnacceptable, @@ -479,7 +482,8 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info, temp_file, mock.sentinel.disk_format, run_as_root=True) - mock_info.assert_called_once_with(temp_file, run_as_root=True) + mock_info.assert_called_with(temp_file, run_as_root=True) + self.assertEqual(mock_info.call_count, 2) self.assertFalse(image_service.update.called)
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14- lists.openstack.org/pipermail/openstack-announce/2015-June/000367.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-9hcj-h2qc-689pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1851ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2015-1206.htmlnvdWEB
- www.debian.org/security/2015/dsa-3292nvdWEB
- www.openwall.com/lists/oss-security/2015/06/13/1nvdWEB
- www.openwall.com/lists/oss-security/2015/06/17/2nvdWEB
- www.openwall.com/lists/oss-security/2015/06/17/7nvdWEB
- www.ubuntu.com/usn/USN-2703-1nvdWEB
- bugs.launchpad.net/cinder/+bug/1415087nvdWEB
- github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213ghsaWEB
- github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978ghsaWEB
- github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61ghsaWEB
- github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221bghsaWEB
News mentions
0No linked articles in our index yet.