Published: 26/08/2020 Updated: 14/09/2020

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.3 | Impact Score: 5.5 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

An issue exists in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova prior to 19.3.1, 20.x prior to 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack nova
openstack nova 21.0.0

Debian Bug report logs - #969052 nova: CVE-2020-17376 Package: src:nova; Maintainer for src:nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 26 Aug 2020 18:27:01 UTC Severity: grave Tags: security, upstream Found in version nova/2:2100-3 ...

Synopsis Important: openstack-nova security update Type/Severity Security Advisory: Important Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 13 (Queens)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring S ...

Synopsis Important: openstack-nova security update Type/Severity Security Advisory: Important Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 10 (Newton)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring S ...

Synopsis Important: openstack-nova security update Type/Severity Security Advisory: Important Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 15 (Stein)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring Sy ...

Synopsis Important: openstack-nova security update Type/Severity Security Advisory: Important Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 161 (Train)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring ...

Synopsis Important: openstack-nova security update Type/Severity Security Advisory: Important Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 16 (Train)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring Sy ...

CWE-611 https://launchpad.net/bugs/1890501 https://security.openstack.org/ossa/OSSA-2020-006.html http://www.openwall.com/lists/oss-security/2020/08/25/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052 https://nvd.nist.gov

CVE-2020-17376

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect