Bugzilla – Bug 856685
VUL-0: CVE-2013-6437: openstack-nova: Nova compute DoS through ephemeral disk backing files
Last modified: 2016-04-27 20:01:23 UTC
CVE-2013-6437 Phil Day from HP reported a vulnerability in the libvirt driver handling of ephemeral disk backing files on Nova compute nodes. By repeatedly creating snapshots, changing the os_type to a new random value, and spawning new instances from the snapshot (and quickly deleting those instances), an authenticated user could generate lots of different ephemeral disk backing files and fill up compute node disks, potentially resulting in a Denial of Service against a Nova setup. Only Nova setups running the libvirt driver are affected. Icehouse (development branch) fix: https://review.openstack.org/62910 Havana fix: https://review.openstack.org/62912 Grizzly fix: https://review.openstack.org/62913 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437 https://bugs.launchpad.net/nova/+bug/1253980
bugbot adjusting priority
do we need a fix for this?
We have the fix in Cloud 3; I don't think we have it in 2.0. Do you want an update for 2.0?
no need for a cloud 2 fix, also only a denial of service