CVE-2012-5625

NameCVE-2012-5625
DescriptionOpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)stretch (security), stretch2:14.0.0-4+deb9u1fixed
buster2:18.1.0-6fixed
bullseye, sid2:22.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasource(unstable)(not affected)

Notes

- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
Search for package or bug name: Reporting problems