Vulnerabilities > CVE-2022-37394 - Unspecified vulnerability in Openstack Nova
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
Vulnerable Configurations
References
- https://bugs.launchpad.net/ossa/+bug/1981813
- https://review.opendev.org/c/openstack/nova/+/849985
- https://review.opendev.org/c/openstack/nova/+/850003
- https://bugs.launchpad.net/ossa/+bug/1981813
- https://review.opendev.org/c/openstack/nova/+/850003
- https://review.opendev.org/c/openstack/nova/+/849985