VYPR
Medium severity5.3NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026

CVE-2016-2140

CVE-2016-2140

Description

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
novaPyPI
>= 12.0.0, < 12.0.312.0.3

Affected products

26

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.