Vulnerability in OpenStack Nova Affects Encrypted Volume Management
CVE-2017-18191

7.5HIGH

Key Information:

Vendor
Openstack
Status
Nova
Vendor
CVE Published:
19 February 2018

Summary

A flaw exists in OpenStack Nova versions 15.x up to 15.1.0 and 16.x up to 16.1.1, where the detachment and reattachment of encrypted volumes can result in unauthorized access to the underlying raw volume. This vulnerability exposes the LUKS header to potential corruption, which can lead to a denial of service on the compute host. All configurations of Nova that utilize encrypted volumes are impacted, allowing attackers to potentially disrupt services.

References

http://www.securityfocus.com/bid/103104
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2714
vendor-advisoryx_refsource_REDHAT
https://review.openstack.org/539893
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.