CVE-2017-18191
HIGHOpenStack Nova 15.0.0-15.1.0 and 16.0.0-16.1.1 - Denial of Service via Encrypted Volume Detach/Reattach
Title source: llmDescription
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103104
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2714
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://review.openstack.org/539893
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://openwall.com/lists/oss-security/2018/04/20/3
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2018-001.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2332
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1739593
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2855
Scores
CVSS v3
7.5
EPSS
0.0248
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (5)
openstack/nova
15.0.0 - 15.1.0
pypi/nova
15.0.0 - 15.1.1PyPI
redhat/openstack
9
redhat/openstack
10
redhat/openstack
12
Published
Feb 19, 2018
Tracked Since
Feb 18, 2026