CVE-2017-17051 Information

Description

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host, leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/102102
https://launchpad.net/bugs/1732976
https://review.openstack.org/521662
https://review.openstack.org/523214
https://security.openstack.org/ossa/OSSA-2017-006.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

8.6

Base Severity

HIGH
