Vulnerabilities > CVE-2017-18191

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

openstack

redhat

NVD

Published: 2018-02-19

Updated: 2019-10-03

Summary

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Nova 15.0.0 Openstack Nova 15.0.1 Openstack Nova 15.0.2 Openstack Nova 15.0.3 Openstack Nova 15.0.4 Openstack Nova 15.0.5 Openstack Nova 15.0.6 Openstack Nova 15.0.7 Openstack Nova 15.0.8 Openstack Nova 15.1.0 Openstack Nova 16.0.0 Openstack Nova 16.0.1 Openstack Nova 16.0.2 Openstack Nova 16.0.3 Openstack Nova 16.0.4 Openstack Nova 16.1.0 Openstack Nova 16.1.1	27
Application	Redhat Redhat Openstack 9 Redhat Openstack 10 Redhat Openstack 12	3

Redhat

advisories

rhsa
id RHSA-2018:2332
rhsa
id RHSA-2018:2714
rhsa
id RHSA-2018:2855

rpms

openstack-nova-1:16.1.4-6.el7ost
openstack-nova-api-1:16.1.4-6.el7ost
openstack-nova-cells-1:16.1.4-6.el7ost
openstack-nova-common-1:16.1.4-6.el7ost
openstack-nova-compute-1:16.1.4-6.el7ost
openstack-nova-conductor-1:16.1.4-6.el7ost
openstack-nova-console-1:16.1.4-6.el7ost
openstack-nova-migration-1:16.1.4-6.el7ost
openstack-nova-network-1:16.1.4-6.el7ost
openstack-nova-novncproxy-1:16.1.4-6.el7ost
openstack-nova-placement-api-1:16.1.4-6.el7ost
openstack-nova-scheduler-1:16.1.4-6.el7ost
openstack-nova-serialproxy-1:16.1.4-6.el7ost
openstack-nova-spicehtml5proxy-1:16.1.4-6.el7ost
python-nova-1:16.1.4-6.el7ost
python-nova-tests-1:16.1.4-6.el7ost
openstack-nova-1:14.1.0-26.el7ost
openstack-nova-api-1:14.1.0-26.el7ost
openstack-nova-cells-1:14.1.0-26.el7ost
openstack-nova-cert-1:14.1.0-26.el7ost
openstack-nova-common-1:14.1.0-26.el7ost
openstack-nova-compute-1:14.1.0-26.el7ost
openstack-nova-conductor-1:14.1.0-26.el7ost
openstack-nova-console-1:14.1.0-26.el7ost
openstack-nova-migration-1:14.1.0-26.el7ost
openstack-nova-network-1:14.1.0-26.el7ost
openstack-nova-novncproxy-1:14.1.0-26.el7ost
openstack-nova-placement-api-1:14.1.0-26.el7ost
openstack-nova-scheduler-1:14.1.0-26.el7ost
openstack-nova-serialproxy-1:14.1.0-26.el7ost
openstack-nova-spicehtml5proxy-1:14.1.0-26.el7ost
python-nova-1:14.1.0-26.el7ost
python-nova-tests-1:14.1.0-26.el7ost
openstack-nova-1:13.1.4-24.el7ost
openstack-nova-api-1:13.1.4-24.el7ost
openstack-nova-cells-1:13.1.4-24.el7ost
openstack-nova-cert-1:13.1.4-24.el7ost
openstack-nova-common-1:13.1.4-24.el7ost
openstack-nova-compute-1:13.1.4-24.el7ost
openstack-nova-conductor-1:13.1.4-24.el7ost
openstack-nova-console-1:13.1.4-24.el7ost
openstack-nova-migration-1:13.1.4-24.el7ost
openstack-nova-network-1:13.1.4-24.el7ost
openstack-nova-novncproxy-1:13.1.4-24.el7ost
openstack-nova-scheduler-1:13.1.4-24.el7ost
openstack-nova-serialproxy-1:13.1.4-24.el7ost
openstack-nova-spicehtml5proxy-1:13.1.4-24.el7ost
python-nova-1:13.1.4-24.el7ost
python-nova-tests-1:13.1.4-24.el7ost

Vulnerabilities > CVE-2017-18191 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-18191"}]}

Summary

Vulnerable Configurations

Redhat

References

Vulnerabilities > CVE-2017-18191