Back to search
CVE-2017-18191
Published: Feb 19, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
103104
vdb-entry
x_refsource_BID
RHSA-2018:2714
vendor-advisory
x_refsource_REDHAT
https://review.openstack.org/539893
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2018/04/20/3
x_refsource_MISC
https://security.openstack.org/ossa/OSSA-2018-001.html
x_refsource_CONFIRM
RHSA-2018:2332
vendor-advisory
x_refsource_REDHAT
https://launchpad.net/bugs/1739593
x_refsource_CONFIRM
RHSA-2018:2855
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now