PT-2015-6118 · Openstack+1 · Openstack Compute+1

George Shuklin · Published 2015-09-08 · Updated 2023-02-13 · CVE-2015-3241

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenStack Compute (nova) versions 2015.1 through 2015.1.1
OpenStack Compute (nova) version 2014.2.3 and earlier

Description

The issue allows remote authenticated users to cause a denial of service by consuming disk, network, and other resources. This is achieved by resizing and then deleting an instance, which does not stop the migration process. An authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance.

Recommendations

For OpenStack Compute (nova) versions 2015.1 through 2015.1.1, update to a version that stops the migration process when an instance is deleted to prevent denial of service.
For OpenStack Compute (nova) version 2014.2.3 and earlier, update to a version that stops the migration process when an instance is deleted to prevent denial of service.
As a temporary workaround, consider restricting the ability to resize and delete instances to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2015-3241
GHSA-3VX7-XFF6-H2VX
RHSA-2015:1723
RHSA-2015:1898
SUSE-SU-2015:2219-1
SUSE-SU-2015:2220-1
USN-3449-1

Affected Products

Openstack Compute
Ubuntu