

Published: 19 February 2018

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
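A structural check for the damage described above, added here as an example and not taken from Nova or from this advisory: it reports whether the start of a volume still holds a sane LUKS header. It assumes the LUKS1 on-disk format; the function names and the sample header are constructed for illustration.

```python
import struct

# Assumption: LUKS1 on-disk layout (big-endian); names here are illustrative.
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# magic, version, cipher name, cipher mode, hash spec, payload offset, key bytes,
# master-key digest, digest salt, digest iterations, UUID = 208 bytes
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# state, iterations, salt, key-material offset, stripes = 48 bytes, 8 slots
SLOT = struct.Struct(">II32sII")
HEADER_LEN = PHDR.size + 8 * SLOT.size  # 592


def check_luks1_header(blob):
    """Return a list of problems found at the start of a volume ([] if sane)."""
    if len(blob) < HEADER_LEN:
        return ["short read: %d of %d bytes" % (len(blob), HEADER_LEN)]
    magic, version, cipher, _mode, _hash, _off, key_bytes, *_rest = PHDR.unpack_from(blob)
    if magic != LUKS_MAGIC:
        return ["bad magic %r: header overwritten or not LUKS" % magic]
    problems = []
    if version != 1:
        problems.append("unexpected version %d" % version)
    if not cipher.split(b"\0", 1)[0].isalnum():
        problems.append("cipher name field is not text")
    if key_bytes == 0:
        problems.append("master key length is zero")
    active = 0
    for i in range(8):
        state, _it, _salt, km_off, _st = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)
        if state == SLOT_ACTIVE:
            active += 1
            if km_off == 0:
                problems.append("key slot %d points at sector 0" % i)
        elif state != SLOT_DISABLED:
            problems.append("key slot %d has invalid state 0x%08x" % (i, state))
    if active == 0:
        problems.append("no active key slot: volume cannot be unlocked")
    return problems


def build_sample_header():
    """Constructed sample: a well-formed LUKS1 header with key slot 0 active."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                     4096, 64, b"\x11" * 20, b"\x22" * 32, 1000, b"constructed-uuid")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, b"\x33" * 32, 8, 4000)
    for i in range(1, 8):
        slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 8 + 512 * i, 4000)
    return phdr + slots
```

To use it on a real volume, pass the first 592 bytes read from the backing device or image. It validates structure only and cannot tell whether key material stored after the header is intact.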





Package Release Status
Launchpad, Ubuntu, Debian
Released (2:16.1.2-0ubuntu1)
bionic Not vulnerable
cosmic Not vulnerable
disco Not vulnerable
eoan Not vulnerable
focal Not vulnerable
trusty Does not exist
(trusty was needed)
Released (15.1.1,16.1.2)
groovy Not vulnerable
hirsute Not vulnerable
Released (2:13.1.4-0ubuntu4.5+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
impish Not vulnerable
jammy Not vulnerable
kinetic Not vulnerable
upstream: (pike)
upstream: (queens)
upstream: (ocata)

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H