Medium severity 5.3 · NVD Advisory · Published Apr 12, 2016 · Updated Jun 17, 2026
CVE-2016-2140
Description
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nova (PyPI) | >= 12.0.0, < 12.0.3 | 12.0.3 |
Affected products
- ghsa-coords (25 versions):
  - pkg:pypi/nova
  - pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/python-networking-cisco&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/python-openstackclient&distro=SUSE%20OpenStack%20Cloud%206
- (no CPE) range: >= 12.0.0, < 12.0.3
- (no CPE) range: < 5.0.4~a0~dev6-6.1
- (no CPE) range: < 5.0.4~a0~dev6-6.2
- (no CPE) range: < 7.0.3~a0~dev2-7.1
- (no CPE) range: < 7.0.3~a0~dev2-7.1
- (no CPE) range: < 8.0.2~a0~dev34-8.1
- (no CPE) range: < 11.0.2~a0~dev13-7.1
- (no CPE) range: < 11.0.2~a0~dev13-7.1
- (no CPE) range: < 5.0.2~a0~dev93-9.1
- (no CPE) range: < 5.0.2~a0~dev93-9.3
- (no CPE) range: < 8.1.1~a0~dev13-3.1
- (no CPE) range: < 8.1.1~a0~dev13-3.2
- (no CPE) range: < 1.0.2~a0~dev11-9.1
- (no CPE) range: < 1.0.2~a0~dev11-9.2
- (no CPE) range: < 7.1.2~a0~dev29-10.1
- (no CPE) range: < 7.1.2~a0~dev29-10.1
- (no CPE) range: < 7.1.2~a0~dev1-6.1
- (no CPE) range: < 7.1.2~a0~dev1-6.1
- (no CPE) range: < 7.1.2~a0~dev1-6.1
- (no CPE) range: < 7.1.2~a0~dev1-6.1
- (no CPE) range: < 12.0.5~a0~dev2-7.1
- (no CPE) range: < 12.0.5~a0~dev2-7.1
- (no CPE) range: < 1.0+git.1467079370.4f2c49d-7.1
- (no CPE) range: < 2.1.1-6.1
- (no CPE) range: < 1.7.2-4.1
References
- security.openstack.org/ossa/OSSA-2016-007.html (nvd; Patch, Vendor Advisory; WEB)
- www.openwall.com/lists/oss-security/2016/03/08/6 (nvd; Mailing List, Third Party Advisory; WEB)
- www.securityfocus.com/bid/84277 (nvd; Third Party Advisory, VDB Entry; WEB)
- bugs.launchpad.net/nova/+bug/1548450 (nvd; Third Party Advisory; WEB)
- github.com/advisories/GHSA-49jv-37hm-6gfp (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-2140 (ghsa; ADVISORY)
- seclists.org/oss-sec/2016/q1/563 (ghsa; WEB)
- access.redhat.com/errata/RHSA-2016:0363 (ghsa; WEB)
- access.redhat.com/errata/RHSA-2016:0364 (ghsa; WEB)
- access.redhat.com/errata/RHSA-2016:0365 (ghsa; WEB)
- access.redhat.com/errata/RHSA-2016:0366 (ghsa; WEB)
- access.redhat.com/security/cve/CVE-2016-2140 (ghsa; WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa; WEB)
- github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793 (ghsa; WEB)
- github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701 (ghsa; WEB)
- github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666 (ghsa; WEB)