OSSA-2014-017: Nova VMware driver leaks rescued images¶
May 29, 2014
Nova: from 2013.2 to 2013.2.3, and 2014.1
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By requesting Nova place an image into rescue, then deleting the image, an authenticated user my exceed their quota. This can result in a denial of service via excessive resource consumption. Only setups using the Nova VMware driver are affected.
Jaroslav Henner from Red Hat (CVE-2014-2573)