PT-2017-14684 · Openstack · Openstack Nova
Matt Riedemann · Published 2017-12-05 · Updated 2022-05-13 · CVE-2017-17051
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenStack Nova version 16.0.3
Description
An issue in the default FilterScheduler allows an authenticated user to cause a denial of service by consuming untracked resources on a hypervisor host through repeated instance rebuilding with new images. This leads to doubled resource allocations.
Recommendations
For OpenStack Nova version 16.0.3, consider disabling the default FilterScheduler as a temporary workaround until a patch is available. Restrict access to instance rebuilding with new images to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Affected Products
Openstack Nova