OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image

Date:December 05, 2017


  • Nova: ==16.0.3


Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova’s default FilterScheduler. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.


  • Matt Riedemann from Huawei (CVE-2017-17051)