OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image

OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image¶

Date:: December 05, 2017
CVE:: CVE-2017-17051

Affects¶

Nova: ==16.0.3

Description¶

Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova’s default FilterScheduler. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

Patches¶

https://review.openstack.org/523214 (Pike)
https://review.openstack.org/521662 (Queens)

Credits¶

Matt Riedemann from Huawei (CVE-2017-17051)

References¶

this page last updated: 2025-08-14 17:43:06

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.