CVE-2013-6437
Published: 6 March 2014
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2013-037 in precise and quantal, code is in connection.py seems to be introduced by: https://git.openstack.org/cgit/openstack/nova/commit/nova/virt/libvirt/driver.py?id=0cecdf4b8632d3a4eea816869796b03e8b928256 |
Priority
Status
Package | Release | Status |
---|---|---|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(1:2013.2.2-0ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://review.openstack.org/62910 upstream: https://review.openstack.org/62912 upstream: https://review.openstack.org/62913 |