Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 5 Dec 2017 16:50:34 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: [OSSA-2017-006] Nova FilterScheduler doubles resource allocations
 during rebuild with new image (CVE-2017-17051)

==============================================================================================
OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image
==============================================================================================

:Date: December 05, 2017
:CVE: CVE-2017-17051


Affects
~~~~~~~
- Nova: ==16.0.3


Description
~~~~~~~~~~~
Matt Riedemann from Huawei reported a vulnerability in OpenStack
Nova's default FilterScheduler. By repeatedly rebuilding an instance
with new images, an authenticated user may consume untracked resources
on a hypervisor host leading to a denial of service. This regression
was introduced with the fix for OSSA-2017-005 (CVE-2017-16239),
however, only Nova stable/pike or later deployments with that fix
applied and relying on the default FilterScheduler are affected.


Patches
~~~~~~~
- https://review.openstack.org/523214 (Pike)
- https://review.openstack.org/521662 (Queens)


Credits
~~~~~~~
- Matt Riedemann from Huawei (CVE-2017-17051)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1732976
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.