CVE-2011-3147: Openstack nova qcow format could expose host filesystem information

April 22, 2022 (updated May 9, 2024)

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

References

bugs.launchpad.net/nova/+bug/853330
github.com/advisories/GHSA-hqfx-4x4w-vmwp
github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84
nvd.nist.gov/vuln/detail/CVE-2011-3147

Detect and mitigate CVE-2011-3147 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →