
Published: 10 September 2018

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 12.0.3 and 11.0.5 are vulnerable.





Package Release Status
Launchpad, Ubuntu, Debian
Released (2:12.0.3-0ubuntu1)
cosmic Not vulnerable
disco Not vulnerable
eoan Not vulnerable
focal Not vulnerable
trusty Does not exist
(trusty was needs-triage)
impish Not vulnerable
xenial Needed

jammy Not vulnerable
kinetic Not vulnerable
lunar Not vulnerable
groovy Not vulnerable
hirsute Not vulnerable
Released (12.0.4)
mantic Not vulnerable
upstream: (ocata, 10.x)
upstream: (queens, 12.x)

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H