Published: 03/08/2022 Updated: 10/08/2022

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 0

An issue exists in OpenStack Nova prior to 23.2.2, 24.x prior to 24.1.2, and 25.x prior to 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack nova

Synopsis Low: Red Hat OpenStack Platform 162 (openstack-nova) security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openstack-nova is now available for Red Hat OpenStackPlatform 162 (Train)Red Hat Pro ...

Debian Bug report logs - #1016980 nova: CVE-2022-37394 Package: src:nova; Maintainer for src:nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 10 Aug 2022 20:15:12 UTC Severity: important Tags: security, upstream Reply or subscribe to this ...

An issue was discovered in OpenStack Nova before 2322, 24x before 2412, and 25x before 2502 By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possi ...

NVD-CWE-noinfo https://bugs.launchpad.net/ossa/+bug/1981813 https://review.opendev.org/c/openstack/nova/+/850003 https://review.opendev.org/c/openstack/nova/+/849985 https://access.redhat.com/errata/RHSA-2023:1948 https://nvd.nist.gov

CVE-2022-37394

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect