PT-2022-23970 · Openstack+4 · Openstack Nova+4

Balazs Gibizer · Published 2022-08-03 · Updated 2024-08-02 · CVE-2022-37394

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

OpenStack Nova versions prior to 23.2.2
OpenStack Nova versions 24.x prior to 24.1.2
OpenStack Nova versions 25.x prior to 25.0.2

Description

An issue was discovered in OpenStack Nova where an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. This can be achieved by creating a neutron port with the direct vnic type, creating an instance bound to that port, and then changing the vnic type of the bound port to macvtap. Only Nova deployments configured with SR-IOV are affected.

Recommendations

For OpenStack Nova versions prior to 23.2.2, update to version 23.2.2 or later. For OpenStack Nova versions 24.x prior to 24.1.2, update to version 24.1.2 or later. For OpenStack Nova versions 25.x prior to 25.0.2, update to version 25.0.2 or later. As a temporary workaround, consider restricting the ability to change the vnic type of bound ports to prevent the compute service from failing to restart.
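
A defensive check for the condition described above, as an added example that is not part of the advisory or of OpenStack's code: it compares two snapshots of Neutron port records and reports ports that stayed bound to the same instance while their vnic type changed, marking the direct-to-macvtap change the description names. The snapshot layout, function names and sample data are constructed for illustration; only the port attribute names (id, device_id, binding:host_id, binding:vnic_type) follow the Neutron API.

```python
# Added example (not OpenStack code). Snapshots are lists of port dicts,
# e.g. saved from periodic port listings; the data below is constructed.

def is_bound(port):
    """A port counts as bound when it has both an instance and a host."""
    return bool(port.get("device_id")) and bool(port.get("binding:host_id"))

def vnic_type_changes(before, after):
    """Return sorted (port_id, host, old_type, new_type) tuples for ports
    bound to the same instance in both snapshots whose vnic type differs."""
    earlier = {p["id"]: p for p in before}
    findings = []
    for port in after:
        old = earlier.get(port["id"])
        if old is None:
            continue  # port did not exist in the first snapshot
        if not (is_bound(old) and is_bound(port)):
            continue  # changing the type of an unbound port is not the issue
        if old["device_id"] != port["device_id"]:
            continue  # re-attached to another instance, a fresh binding
        old_type = old.get("binding:vnic_type", "normal")
        new_type = port.get("binding:vnic_type", "normal")
        if old_type != new_type:
            findings.append((port["id"], old["binding:host_id"], old_type, new_type))
    return sorted(findings)

def matches_advisory(finding):
    """True for the specific direct -> macvtap change in the description."""
    return finding[2] == "direct" and finding[3] == "macvtap"

def _port(pid, dev, host, vnic):
    return {"id": pid, "device_id": dev, "binding:host_id": host,
            "binding:vnic_type": vnic}

# Constructed sample snapshots.
BEFORE = [_port("port-a", "vm-1", "compute-01", "direct"),
          _port("port-b", "vm-2", "compute-01", "normal"),
          _port("port-c", "", "", "direct")]
AFTER = [_port("port-a", "vm-1", "compute-01", "macvtap"),   # bound, changed
         _port("port-b", "vm-2", "compute-01", "normal"),    # unchanged
         _port("port-c", "", "", "macvtap"),                 # unbound, ignored
         _port("port-d", "vm-3", "compute-02", "macvtap")]   # new port

if __name__ == "__main__":
    for f in vnic_type_changes(BEFORE, AFTER):
        tag = "matches advisory" if matches_advisory(f) else "review"
        print("%s on %s: %s -> %s (%s)" % (f + (tag,)))
```

Compute hosts named in the findings are the ones to patch or inspect before the next nova-compute restart.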

Related Identifiers

ALT-PU-2024-1074
ALT-PU-2024-9720
CVE-2022-37394
GHSA-V725-C588-H936
RHSA-2023:1948
USN-5866-1

Affected Products

Alt Linux
Debian
Linuxmint
Openstack Nova
Ubuntu