Lee Yarwood

**Name of the Vulnerable Software and Affected Versions** OpenStack Nova versions prior to 19.3.1 OpenStack Nova versions 20.x prior to 20.3.1 OpenStack Nova version 21.0.0 **Description** An issue was discovered in the Guest.migrate function in virt/libvirt/guest.py. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections, such as root and ephemeral devices, are affected. **Recommendations** For OpenStack Nova versions prior to 19.3.1, update to version 19.3.1 or later. For OpenStack Nova versions 20.x prior to 20.3.1, update to version 20.3.1 or later. For OpenStack Nova version 21.0.0, update to a version later than 21.0.0. As a temporary workaround, consider restricting access to host devices that share the same paths as previously referenced devices to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions 15.x through 15.1.0 OpenStack Nova versions 16.x through 16.1.1 Description: An issue in OpenStack Nova allows an attacker to access the underlying raw volume and corrupt the LUKS header by detaching and reattaching an encrypted volume. This results in a denial of service attack on the compute host. All Nova setups that support encrypted volumes are affected. Recommendations: For OpenStack Nova versions 15.x through 15.1.0, update to a version that fixes the issue to prevent denial of service attacks. For OpenStack Nova versions 16.x through 16.1.1, update to a version that fixes the issue to prevent denial of service attacks.