CVE-2013-6437
Published: 6 March 2014
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Not vulnerable
(1:2013.2.2-0ubuntu1)
|
|
| trusty |
Not vulnerable
(1:2014.1~b3-0ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://review.openstack.org/62910 (icehouse) upstream: https://review.openstack.org/62912 (havana) upstream: https://review.openstack.org/62913 (grizzly) |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | OSSA 2013-037 in precise and quantal, code is in connection.py seems to be introduced by: https://git.openstack.org/cgit/openstack/nova/commit/nova/virt/libvirt/driver.py?id=0cecdf4b8632d3a4eea816869796b03e8b928256 |