CVE-2013-6437
Published: 6 March 2014
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
Priority
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2013-037 in precise and quantal, code is in connection.py seems to be introduced by: https://git.openstack.org/cgit/openstack/nova/commit/nova/virt/libvirt/driver.py?id=0cecdf4b8632d3a4eea816869796b03e8b928256 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
- http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html
- NVD
- Launchpad
- Debian