CVE-2017-18191 Information

Description

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume an attacker may access the underlying raw volume and corrupt the LUKS header resulting in a denial of service attack on the compute host. (The same code error also results in data loss but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://openwall.com/lists/oss-security/2018/04/20/3
http://www.securityfocus.com/bid/103104
https://access.redhat.com/errata/RHSA-2018:2332
https://access.redhat.com/errata/RHSA-2018:2714
https://access.redhat.com/errata/RHSA-2018:2855
https://launchpad.net/bugs/1739593
https://review.openstack.org/539893
https://security.openstack.org/ossa/OSSA-2018-001.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
