Date: Fri, 20 Apr 2018 14:48:08 +0000
From: Tristan Cacqueray <>
Subject: [OSSA-2018-001] Raw underlying encrypted volume access

OSSA-2018-001: Raw underlying encrypted volume access

:Date: April 20, 2018
:CVE: CVE-2017-18191

- Nova: >=15.0.0 <=15.1.0, >=16.0.0 <=16.1.1

Lee Yarwood (Red Hat) reported a vulnerability in Nova's handling of
encrypted volumes. By detaching and reattaching an encrypted volume, an
attacker may access the underlying raw volume and corrupt the LUKS
header, resulting in a denial of service attack on the compute host. All
Nova setups supporting encrypted volumes are affected.

- (Ocata)
- (Pike)
- (Queens)

- Lee Yarwood from Red Hat (CVE-2017-18191)


- The Pike and Ocata patches disable encrypted volume swapping; this feature
  is now only supported in Nova version >= 17.0.0.

Tristan Cacqueray
OpenStack Vulnerability Management Team
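
A defensive check for the failure mode the advisory describes, added here as an example that is not part of the original advisory or of Nova: it parses the LUKS1 on-disk header at the start of a volume and reports whether the magic, version and key-slot states are intact. The function names and the sample header are constructed for illustration, and only LUKS1 is handled (any other version is reported as unsupported).

```python
import struct
import sys

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset, key bytes, MK digest, MK salt, MK iterations, UUID (208 bytes).
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# Key slot: state, iterations, salt, key material offset, stripes (48 bytes, x8).
KEY_SLOT = struct.Struct(">II32sII")
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
HEADER_LEN = PHDR.size + 8 * KEY_SLOT.size  # 592 bytes


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def check_luks1_header(blob):
    """Return (ok, detail) for the leading bytes of a volume."""
    if len(blob) < HEADER_LEN:
        return False, "short read"
    magic, version, cipher, mode = PHDR.unpack_from(blob)[:4]
    if magic != LUKS_MAGIC:
        return False, "bad magic"
    if version != 1:
        return False, f"unsupported version {version}"
    states = [KEY_SLOT.unpack_from(blob, PHDR.size + i * KEY_SLOT.size)[0]
              for i in range(8)]
    if any(s not in (SLOT_ACTIVE, SLOT_DISABLED) for s in states):
        return False, "corrupt key slot state"
    active = states.count(SLOT_ACTIVE)
    if active == 0:
        return False, "no active key slot"
    return True, f"{_cstr(cipher)}-{_cstr(mode)}, {active} active key slot(s)"


def sample_header():
    """Constructed LUKS1 header for the demo: slot 0 active, others disabled."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 1000, b"0" * 36)
    slots = b"".join(
        KEY_SLOT.pack(SLOT_ACTIVE if i == 0 else SLOT_DISABLED, 1000,
                      bytes(32), 8 + i * 512, 4000) for i in range(8))
    return phdr + slots


if __name__ == "__main__":
    # With a path argument, check that file or device; otherwise use the sample.
    data = open(sys.argv[1], "rb").read(HEADER_LEN) if len(sys.argv) > 1 else sample_header()
    print(check_luks1_header(data))
```

A "bad magic" or "corrupt key slot state" result on a volume that is expected to be encrypted means the header has been overwritten and the volume can no longer be unlocked without a header backup.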
