CVE-2022-37394 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <23.2.2 || >=24.0.0 <24.1.2 || >=25.0.0 <25.0.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00051 pctl0.15674

Details

OpenStack Nova Changing vnic_type breaks compute service restart An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

Metadata

Created: 2022-08-04T00:00:26Z
Modified: 2024-05-14T21:27:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-v725-c588-h936/GHSA-v725-c588-h936.json
CWE IDs: []
Alternative ID: GHSA-v725-c588-h936
Finding: F067
Auto approve: 1