Date: Tue, 5 Dec 2017 16:50:34 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: [OSSA-2017-006] Nova FilterScheduler doubles resource allocations during rebuild with new image (CVE-2017-17051)

==============================================================================================
OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image
==============================================================================================

:Date: December 05, 2017
:CVE: CVE-2017-17051

Affects
~~~~~~~
- Nova: ==16.0.3

Description
~~~~~~~~~~~
Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova's
default FilterScheduler. By repeatedly rebuilding an instance with new
images, an authenticated user may consume untracked resources on a
hypervisor host leading to a denial of service. This regression was
introduced with the fix for OSSA-2017-005 (CVE-2017-16239), however,
only Nova stable/pike or later deployments with that fix applied and
relying on the default FilterScheduler are affected.

Patches
~~~~~~~
- https://review.openstack.org/523214 (Pike)
- https://review.openstack.org/521662 (Queens)

Credits
~~~~~~~
- Matt Riedemann from Huawei (CVE-2017-17051)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1732976
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team