OSSA-2012-009: Scheduler denial of service through scheduler_hints
July 11, 2012
Nova: Essex, Folsom series
Dan Prince from Red Hat reported a vulnerability in Nova scheduler nodes. By creating servers with malicious scheduler_hints, an authenticated user may generate a huge number of database calls, potentially resulting in a Denial of Service attack against Nova scheduler nodes. Only setups exposing the OpenStack API and enabling DifferentHostFilter and/or SameHostFilter are affected.
Dan Prince from Red Hat (CVE-2012-3371)
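To check whether a deployment meets the filter precondition named above, the following added example (not part of the advisory or of Nova) scans the text of a nova.conf for the two filters. It assumes filters are enabled through the scheduler_default_filters option, written INI-style or as an older "--key=value" flag; the function names and sample configurations are constructed for illustration, and it does not check whether the OpenStack API is exposed.

```python
import re

# Filters the advisory names as the precondition for exposure.
RISKY_FILTERS = {"DifferentHostFilter", "SameHostFilter"}

# Assumption: filters are enabled via scheduler_default_filters, written
# either INI-style ("key = value") or as an older "--key=value" flag.
# Anchored at line start, so commented-out settings never match.
_OPTION = re.compile(r"^\s*(?:--)?scheduler_default_filters\s*=\s*(.*)$")


def enabled_filters(conf_text):
    """Return filter names from the last scheduler_default_filters line,
    or None when the option is not set (release defaults then apply)."""
    found = None
    for line in conf_text.splitlines():
        m = _OPTION.match(line)
        if m:
            # Accept bare class names and dotted paths alike.
            found = [f.strip().rsplit(".", 1)[-1]
                     for f in m.group(1).split(",") if f.strip()]
    return found


def affected_by_ossa_2012_009(conf_text):
    """Sorted list of enabled filters that the advisory names as affected."""
    return sorted(RISKY_FILTERS.intersection(enabled_filters(conf_text) or []))


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_EXPOSED = """\
[DEFAULT]
# scheduler_default_filters = RamFilter
scheduler_default_filters = RamFilter, ComputeFilter, DifferentHostFilter
"""
SAMPLE_FLAGFILE = "--scheduler_default_filters=SameHostFilter,DifferentHostFilter\n"
SAMPLE_CLEAN = "[DEFAULT]\nscheduler_default_filters = RamFilter,ComputeFilter\n"

if __name__ == "__main__":
    for name, text in [("exposed", SAMPLE_EXPOSED),
                       ("flagfile", SAMPLE_FLAGFILE),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, affected_by_ossa_2012_009(text))
```

An empty result with the option unset means the release defaults decide, so confirm those for the installed version.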