CVE-2017-17051
Published: 5 December 2017
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
Notes
| Author | Note |
|---|---|
| mdeslaur | only affects pike and later |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
artful |
Released
(2:16.1.2-0ubuntu1)
|
| bionic |
Not vulnerable
(2:17.0.0~rc2-0ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: upstream: https://review.openstack.org/521662 upstream: https://review.openstack.org/523214 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.6 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |