An issue exists in OpenStack Nova 15.x up to and including 15.1.0 and 16.x up to and including 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack nova |
||
redhat openstack 9 |
||
redhat openstack 12 |
||
redhat openstack 10 |