What is GHSA-rwhr-h69g-8qmq?

GHSA-rwhr-h69g-8qmq is a security advisory published by GitHub Security Advisories with Medium severity. OpenStack Nova Information leak in libvirt LVM-backed instances

Which CVE IDs does GHSA-rwhr-h69g-8qmq cover?

GHSA-rwhr-h69g-8qmq covers the following CVE IDs: CVE-2012-5625. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-rwhr-h69g-8qmq?

GHSA-rwhr-h69g-8qmq affects 1 product, including: pip/nova:\u003c 12.0.0a0.

GHSA-rwhr-h69g-8qmqMedium

OpenStack Nova Information leak in libvirt LVM-backed instances

Vendor

GitHub Security Advisories

Published

May 17, 2022

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2012-5625 →

📋 Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

🎯 Affected products1

pip/nova:< 12.0.0a0

🔗 References (12)

https://nvd.nist.gov/vuln/detail/CVE-2012-5625
https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
https://bugs.launchpad.net/nova/+bug/1070539
https://bugzilla.redhat.com/show_bug.cgi?id=884293
https://launchpad.net/nova/folsom/2012.2.2
http://rhn.redhat.com/errata/RHSA-2013-0208.html
http://www.openwall.com/lists/oss-security/2012/12/11/5
http://www.ubuntu.com/usn/USN-1663-1
https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml
https://github.com/advisories/GHSA-rwhr-h69g-8qmq