Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 5 Dec 2017 16:50:34 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: [OSSA-2017-006] Nova FilterScheduler doubles resource allocations
 during rebuild with new image (CVE-2017-17051)

==============================================================================================
OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image
==============================================================================================

:Date: December 05, 2017
:CVE: CVE-2017-17051


Affects
~~~~~~~
- Nova: ==16.0.3


Description
~~~~~~~~~~~
Matt Riedemann from Huawei reported a vulnerability in OpenStack
Nova's default FilterScheduler. By repeatedly rebuilding an instance
with new images, an authenticated user may consume untracked resources
on a hypervisor host leading to a denial of service. This regression
was introduced with the fix for OSSA-2017-005 (CVE-2017-16239),
however, only Nova stable/pike or later deployments with that fix
applied and relying on the default FilterScheduler are affected.


Patches
~~~~~~~
- https://review.openstack.org/523214 (Pike)
- https://review.openstack.org/521662 (Queens)


Credits
~~~~~~~
- Matt Riedemann from Huawei (CVE-2017-17051)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1732976
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ