OSSA-2014-017: Nova VMware driver leaks rescued images

Date:

May 29, 2014

CVE:

CVE-2014-2573

Affects

  • Nova: from 2013.2 to 2013.2.3, and 2014.1

Description

Jaroslav Henner from Red Hat reported a vulnerability in Nova. By requesting that Nova place an image into rescue, then deleting the image, an authenticated user may exceed their quota. This can result in a denial of service via excessive resource consumption. Only setups using the Nova VMware driver are affected.

Patches

Credits

  • Jaroslav Henner from Red Hat (CVE-2014-2573)

References