38 lines
999 B
YAML
38 lines
999 B
YAML
date: 2017-12-05
|
|
|
|
id: OSSA-2017-006
|
|
|
|
title: Nova FilterScheduler doubles resource allocations during rebuild with new image
|
|
|
|
description: >
|
|
Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova's
|
|
default FilterScheduler. By repeatedly rebuilding an instance with new
|
|
images, an authenticated user may consume untracked resources on a hypervisor
|
|
host leading to a denial of service. This regression was introduced with the
|
|
fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or
|
|
later deployments with that fix applied and relying on the default
|
|
FilterScheduler are affected.
|
|
|
|
affected-products:
|
|
- product: nova
|
|
version: "==16.0.3"
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2017-17051
|
|
|
|
reporters:
|
|
- name: Matt Riedemann
|
|
affiliation: Huawei
|
|
reported:
|
|
- CVE-2017-17051
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1732976
|
|
|
|
reviews:
|
|
queens:
|
|
- https://review.openstack.org/521662
|
|
pike:
|
|
- https://review.openstack.org/523214
|