CVE-2016-7498

Name of the Vulnerable Software and Affected Versions OpenStack Compute (nova) version 13.0.0

Description The issue allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state, due to improper deletion of instances from compute nodes. This problem exists because of a regression related to a previous issue.

Recommendations For OpenStack Compute (nova) version 13.0.0, consider implementing proper instance deletion mechanisms to prevent disk consumption when instances are deleted during the resize state. As a temporary workaround, restrict the ability to delete instances while they are in the resize state to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.