CVE-2013-6437

Published: 6 March 2014

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

Priority

Medium

Status

Package: nova (Launchpad, Ubuntu, Debian)

Release   Status
lucid     Does not exist
precise   Not vulnerable
quantal   Not vulnerable
raring    Ignored (reached end-of-life)
saucy     Not vulnerable (1:2013.2.2-0ubuntu1)
trusty    Not vulnerable (1:2014.1~b3-0ubuntu2)
upstream  Needs triage

Patches:
upstream: https://review.openstack.org/62910 (icehouse)
upstream: https://review.openstack.org/62912 (havana)
upstream: https://review.openstack.org/62913 (grizzly)

Notes

Author: mdeslaur
Note:
OSSA 2013-037
in precise and quantal, code is in connection.py
seems to be introduced by:
https://git.openstack.org/cgit/openstack/nova/commit/nova/virt/libvirt/driver.py?id=0cecdf4b8632d3a4eea816869796b03e8b928256
