CVE-2018-14636

Name of the Vulnerable Software and Affected Versions openstack-neutron versions prior to 13.0.0.0b2 openstack-neutron versions prior to 12.0.3 openstack-neutron versions prior to 11.0.5

Description A security issue allows live-migrated instances to briefly inspect traffic for other instances on the same hypervisor. This can be extended indefinitely if the instance's port is set administratively down before and after live-migration. The issue arises from the Open vSwitch integration bridge being connected to the instance during migration, potentially making all traffic for instances using the same Open vSwitch instance visible to the migrated guest. This is because the required Open vSwitch VLAN filters are only applied post-migration.

Recommendations For versions prior to 13.0.0.0b2, update to version 13.0.0.0b2 or later. For versions prior to 12.0.3, update to version 12.0.3 or later. For versions prior to 11.0.5, update to version 11.0.5 or later.