{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "information leak in libvirt LVM-backed instances", "tracking": { "current_release_date": "2026-05-07T12:27:03+00:00", "generator": { "date": "2026-05-07T12:27:03+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2012-5625", "initial_release_date": "2012-12-26T22:00:00+00:00", "revision_history": [ { "date": "2026-05-07T12:27:03+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-16.2.z", "product": { "name": "Red Hat OpenStack Platform rhos-16.2.z", "product_id": "openstack-16.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.2" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-17.1.z", "product": { "name": "Red Hat OpenStack Platform rhos-17.1.z", "product_id": "openstack-17.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:17.1" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-18.0.0", "product": { "name": "Red Hat OpenStack Platform rhos-18.0.0", "product_id": "openstack-18.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:18.0" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform", "product": { "name": "Red Hat OpenStack Platform", "product_id": "openstack-foreman::el6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:2::el6" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform", "product": { "name": "Red Hat OpenStack Platform", "product_id": "rhoscts::el6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:2::el6" } } }, { "category": "product_version", "name": "openstack-nova", "product": { "name": "openstack-nova", "product_id": "openstack-nova-0:2012.2.2-8.el6ost", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-nova@2012.2.2-8.el6ost?epoch=0" } } }, { "category": "product_version", "name": "openstack-nova", "product": { "name": "openstack-nova", "product_id": "openstack-nova.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-nova?arch=src" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openstack-nova-0:2012.2.2-8.el6ost as a component of Red Hat OpenStack Platform", "product_id": "rhoscts::el6:openstack-nova-0:2012.2.2-8.el6ost" }, "product_reference": "openstack-nova-0:2012.2.2-8.el6ost", "relates_to_product_reference": "rhoscts::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-nova-0:2012.2.2-8.el6ost as a component of Red Hat OpenStack Platform", "product_id": "openstack-foreman::el6:openstack-nova-0:2012.2.2-8.el6ost" }, "product_reference": "openstack-nova-0:2012.2.2-8.el6ost", "relates_to_product_reference": "openstack-foreman::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-nova.src as a component of Red Hat OpenStack Platform rhos-17.1.z", "product_id": "openstack-17.1:openstack-nova.src" }, "product_reference": "openstack-nova.src", "relates_to_product_reference": "openstack-17.1" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-nova.src as a component of Red Hat OpenStack Platform rhos-16.2.z", "product_id": "openstack-16.2:openstack-nova.src" }, "product_reference": "openstack-nova.src", "relates_to_product_reference": "openstack-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-nova.src as a component of Red Hat OpenStack Platform rhos-18.0.0", "product_id": "openstack-18.0:openstack-nova.src" }, "product_reference": "openstack-nova.src", "relates_to_product_reference": "openstack-18.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5625", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2026-04-02T15:03:07+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "openstack-16.2:openstack-nova.src", "openstack-17.1:openstack-nova.src", "openstack-18.0:openstack-nova.src" ] } ], "notes": [ { "category": "description", "text": "OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "openstack-foreman::el6:openstack-nova-0:2012.2.2-8.el6ost", "rhoscts::el6:openstack-nova-0:2012.2.2-8.el6ost" ], "known_not_affected": [ "openstack-16.2:openstack-nova.src", "openstack-17.1:openstack-nova.src", "openstack-18.0:openstack-nova.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5625" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5625" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5625" } ], "remediations": [ { "category": "vendor_fix", "date": "2013-01-30T21:04:52+00:00", "details": "Apply advisory RHSA-2013:0208 as per vendors instructions.", "product_ids": [ "openstack-foreman::el6:openstack-nova-0:2012.2.2-8.el6ost", "rhoscts::el6:openstack-nova-0:2012.2.2-8.el6ost" ], "url": "https://access.redhat.com/errata/RHSA-2013:0208" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "openstack-16.2:openstack-nova.src", "openstack-17.1:openstack-nova.src", "openstack-18.0:openstack-nova.src", "openstack-foreman::el6:openstack-nova-0:2012.2.2-8.el6ost", "rhoscts::el6:openstack-nova-0:2012.2.2-8.el6ost" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "openstack-16.2:openstack-nova.src", "openstack-17.1:openstack-nova.src", "openstack-18.0:openstack-nova.src", "openstack-foreman::el6:openstack-nova-0:2012.2.2-8.el6ost", "rhoscts::el6:openstack-nova-0:2012.2.2-8.el6ost" ] } ], "title": "information leak in libvirt LVM-backed instances" } ] }