OSSA-2013-037: Nova compute DoS through ephemeral disk backing files

OSSA-2013-037: Nova compute DoS through ephemeral disk backing files

Date:December 18, 2013
CVE:CVE-2013-6437

Affects

  • Nova: All supported versions

Description

Phil Day from HP reported a vulnerability in the libvirt driver handling of ephemeral disk backing files on Nova compute nodes. By repeatedly creating snapshots, changing the os_type to a new random value, and spawning new instances from the snapshot (and quickly deleting those instances), an authenticated user could generate lots of different ephemeral disk backing files and fill up compute node disks, potentially resulting in a Denial of Service against a Nova setup. Only Nova setups running the libvirt driver are affected.

Credits

  • Phil Day from HP (CVE-2013-6437)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.