[Openstack] [OSSA-2017-006] Nova FilterScheduler doubles resource allocations during rebuild with new image (CVE-2017-17051)
Jeremy Stanley
fungi at yuggoth.org
Tue Dec 5 16:40:48 UTC 2017
==============================================================================================
OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new image
==============================================================================================
:Date: December 05, 2017
:CVE: CVE-2017-17051
Affects
~~~~~~~
- Nova: ==16.0.3
Description
~~~~~~~~~~~
Matt Riedemann from Huawei reported a vulnerability in OpenStack
Nova's default FilterScheduler. By repeatedly rebuilding an instance
with new images, an authenticated user may consume untracked resources
on a hypervisor host leading to a denial of service. This regression
was introduced with the fix for OSSA-2017-005 (CVE-2017-16239),
however, only Nova stable/pike or later deployments with that fix
applied and relying on the default FilterScheduler are affected.
Patches
~~~~~~~
- https://review.openstack.org/523214 (Pike)
- https://review.openstack.org/521662 (Queens)
Credits
~~~~~~~
- Matt Riedemann from Huawei (CVE-2017-17051)
References
~~~~~~~~~~
- https://launchpad.net/bugs/1732976
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
--
Jeremy Stanley
OpenStack Vulnerability Management Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171205/7049d470/attachment.sig>
More information about the Openstack
mailing list