OSSA-2014-037: Nova VMware instance in resize state may leak

OSSA-2014-037: Nova VMware instance in resize state may leak¶

Date:: October 21, 2014
CVE:: CVE-2014-8333

Affects¶

Nova: up to 2014.1.3

Description¶

Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an authenticated user deletes an instance while it is in resize state, it will cause the original instance to not be deleted. An attacker can use this to launch a denial of service attack. All Nova VMware setups are affected.

Patches¶

https://review.openstack.org/125492 (Icehouse)
https://review.openstack.org/118595 (Juno)

Credits¶

Zhu Zhu from IBM (CVE-2014-8333)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.