Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2015-3241

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 8 September 2015

Summary

OpenStack Compute (nova) allows remote authenticated users to exploit a flaw in the instance deletion process while the migration function is active. By resizing and subsequently deleting an instance, users can inadvertently consume excessive disk, network, and other resources, leading to a denial of service condition. This vulnerability affects several versions of nova, allowing targeted attacks that can degrade system performance and availability.

References

http://rhn.redhat.com/errata/RHSA-2015-1723.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/75372

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-1898.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Sep 8, 2015
Vulnerability Reserved
Apr 10, 2015