Date: Fri, 20 Apr 2018 14:48:08 +0000 From: Tristan Cacqueray <tdecacqu@...hat.com> To: oss-security@...ts.openwall.com Subject: [OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191) ===================================================== OSSA-2018-001: Raw underlying encrypted volume access ===================================================== :Date: April 20, 2018 :CVE: CVE-2017-18191 Affects ~~~~~~~ - Nova: >=15.0.0 <=15.1.0, >=16.0.0 <=16.1.1 Description ~~~~~~~~~~~ Lee Yarwood (Red Hat) reported a vulnerability in Nova encrypted volumes handling. By detaching and reattaching an encrypted volume an attacker may access the underlying raw volume and corrupt the LUKS header resuling in a denial of service attack on the compute host. All Nova setups supporting encrypted volumes are affected. Patches ~~~~~~~ - https://review.openstack.org/561604 (Ocata) - https://review.openstack.org/543569 (Pike) - https://review.openstack.org/460243 (Queens) Credits ~~~~~~~ - Lee Yarwood from Red Hat (CVE-2017-18191) References ~~~~~~~~~~ - https://launchpad.net/bugs/1739593 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191 Notes ~~~~~ - Pike and Ocata patches disable encrypted volume swapping, this feature is now only supported in Nova version >= 17.0.0. -- Tristan Cacqueray OpenStack Vulnerability Management Team Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.