PT-2020-14931 · Openstack+3 · Openstack Nova+3

Lee Yarwood +1 · Published 2020-08-26 · Updated 2024-08-02 · CVE-2020-17376

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OpenStack Nova versions prior to 19.3.1
OpenStack Nova versions 20.x prior to 20.3.1
OpenStack Nova version 21.0.0

Description

An issue was discovered in the Guest.migrate function in virt/libvirt/guest.py. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections, such as root and ephemeral devices, are affected.

Recommendations

For OpenStack Nova versions prior to 19.3.1, update to version 19.3.1 or later.
For OpenStack Nova versions 20.x prior to 20.3.1, update to version 20.3.1 or later.
For OpenStack Nova version 21.0.0, update to a version later than 21.0.0.
As a temporary workaround, consider restricting access to host devices that share the same paths as previously referenced devices to minimize the risk of exploitation.
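
The affected ranges and update targets above, applied as a triage check over an inventory of upstream Nova version strings. This is an added example, not code from the advisory or from OpenStack; the host names, the inventory and the function names are constructed for illustration, and any version that is not a plain x.y.z string (for example a distribution package version) is flagged for manual review instead of being compared.

```python
import re


def parse_version(text):
    """Parse an upstream Nova version such as '20.3.0' into a tuple of ints."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not an upstream x.y.z version: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version_text):
    """Return (affected, recommendation) using the ranges listed in the advisory."""
    v = parse_version(version_text)
    if v < (19, 3, 1):                       # versions prior to 19.3.1
        return True, "update to 19.3.1 or later"
    if (20, 0, 0) <= v < (20, 3, 1):         # 20.x prior to 20.3.1
        return True, "update to 20.3.1 or later"
    if v == (21, 0, 0):                      # exactly 21.0.0
        return True, "update to a version later than 21.0.0"
    return False, "not in an affected range"


def triage(inventory):
    """Map host -> action for affected hosts; unparsable versions need review."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            affected, advice = assess(version_text)
        except ValueError:
            findings[host] = "manual review: version is not plain x.y.z"
            continue
        if affected:
            findings[host] = advice
    return findings


# Constructed inventory (hypothetical hosts and versions, not from the advisory).
SAMPLE_INVENTORY = {
    "compute-01": "19.3.0",
    "compute-02": "19.3.1",
    "compute-03": "20.2.0",
    "compute-04": "20.3.1",
    "compute-05": "21.0.0",
    "compute-06": "20.3.0-custom1",
}

if __name__ == "__main__":
    for host, advice in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {advice}")
```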

Related Identifiers

ALT-PU-2024-1074
ALT-PU-2024-9720
CVE-2020-17376
GHSA-C7W7-9C85-4QXV
PYSEC-2020-243
RHSA-2020:3702
RHSA-2020:3704
RHSA-2020:3706
RHSA-2020:3708
RHSA-2020:3711
SUSE-SU-2020:2876-1
SUSE-SU-2020:2911-1
SUSE-SU-2020:3309-1
USN-5866-1

Affected Products

Alt Linux
Linuxmint
Openstack Nova
Ubuntu