Launchpad.net

CVE 2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Related bugs and status

CVE-2017-15139 (Candidate) is related to these bugs:

Bug #1699573: ScaleIO volumes contain previous data

		In	Importance	Status
1699573	ScaleIO volumes contain previous data	Cinder	High	Fix Released
1699573	ScaleIO volumes contain previous data	OpenStack Security Advisory	Undecided	Won't Fix
1699573	ScaleIO volumes contain previous data	OpenStack Security Notes	Undecided	Fix Released

Bug #1784871: ScaleIO (thin) volumes contain previous data (follow-up to 1699573)

Summary				In	Importance	Status
	1784871	ScaleIO (thin) volumes contain previous data (follow-up to 1699573)		Cinder	Undecided	Fix Released
	1784871	ScaleIO (thin) volumes contain previous data (follow-up to 1699573)		OpenStack Security Advisory	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-15139

Related bugs and status

Related bugs

References