CVE-2017-18191

CWE-20Improper Input Validation10 documents8 sources
Severity
7.5HIGH
EPSS
2.5%
top 14.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack NovaRedhat Openstack
Timeline
PublishedFeb 19
Latest updateFeb 13

Description

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDopenstack/nova15.0.015.1.0+1
PyPInova15.0.015.1.1+1
Debiannova< 2:17.0.0-1+3
NVDredhat/openstack10, 12, 9+2

Patches

Patch: openwall.comPatch: review.openstack.orgPatch: security.openstack.org

🔴Vulnerability Details

5
OSV
nova vulnerabilities2023-02-13
GHSA
OpenStack Nova Denial of service attack on the compute host2022-05-13
OSV
OpenStack Nova Denial of service attack on the compute host2022-05-13
OSV
CVE-2017-18191: An issue was discovered in OpenStack Nova 152018-02-19
CVEList
CVE-2017-18191: An issue was discovered in OpenStack Nova 152018-02-19

📋Vendor Advisories

3
Ubuntu
Nova vulnerabilities2023-02-13
Red Hat
openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host2018-02-19
Debian
CVE-2017-18191: nova - An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 1...2017

💬Community

1
Bugzilla
CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host2018-02-20
CVE-2017-18191 (HIGH CVSS 7.5) | An issue was discovered in OpenStac | cvebase.io