Denial of Service in OpenStack Nova Due to VNIC Type Manipulation
CVE-2022-37394

3.3LOW

Key Information:

Vendor

Openstack
Status
Nova
Vendor
CVE Published:
3 August 2022

What is CVE-2022-37394?

A vulnerability in OpenStack Nova allows authenticated users to exploit the vnic_type parameter when creating a neutron port. Specifically, by creating a port with direct vnic_type and subsequently changing the port's vnic_type to macvtap after binding an instance, users can trigger a failure in the compute service’s restart process. This can lead to a denial of service, particularly affecting Nova deployments configured with SR-IOV, showcasing the need for caution in configuration and management practices.

References

https://bugs.launchpad.net/ossa/+bug/1981813
x_refsource_MISC
https://review.opendev.org/c/openstack/nova/+/849985
x_refsource_MISC
https://review.opendev.org/c/openstack/nova/+/850003
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.