CVE-2026-24708
Published: 2026-02-18
Severity: High, CVSS 3.1 base score 8.2
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2:26.2.2-1~deb12u4 (bookworm) | nova 2:26.2.2-1~deb12u4 (bookworm) |
| openstack | nova | < 30.2.2 | 30.2.2 |
| openstack | nova | >= 0 < 2:22.4.0-1~deb11u7 | 2:22.4.0-1~deb11u7 |
| openstack | nova | >= 0 < 2:26.2.2-1~deb12u4 | 2:26.2.2-1~deb12u4 |
| openstack | nova | >= 0 < 2:31.0.0-6+deb13u2 | 2:31.0.0-6+deb13u2 |
| openstack | nova | >= 0 < 2:32.1.0-7 | 2:32.1.0-7 |
| openstack | nova | 0 – 30.2.1 | — |
| openstack | nova | >= 31.0.0 < 31.2.1 | 31.2.1 |
| openstack | nova | 31.0.0.0rc1 – 31.2.0 | — |
| openstack | nova | >= 32.0.0 < 32.1.1 | 32.1.1 |
| openstack | nova | 32.0.0.0rc1 – 32.1.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| osv | — | 8.2 | HIGH | — |