Описание
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw disk and trigger destructive behavior during instance operations such as resize.
Отчет
This vulnerability is rated Important for Red Hat OpenStack Platform. An authenticated attacker can exploit unconstrained disk format handling in OpenStack Nova when invoking qemu-img. By crafting a QCOW2 header on an ephemeral or root disk, an attacker can cause qemu-img to overwrite arbitrary files on the compute host with Nova's write access, leading to data destruction or denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-nova-compute | Affected | ||
| Red Hat OpenStack Platform 16.2 | rhosp12/openstack-nova-compute | Not affected | ||
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8/openstack-nova-compute | Affected | ||
| Red Hat OpenStack Platform 16.2 | rhosp-rhel9/openstack-nova-compute | Not affected | ||
| Red Hat OpenStack Platform 17.1 | rhosp12/openstack-nova-compute | Not affected | ||
| Red Hat OpenStack Platform 17.1 | rhosp-rhel9/openstack-nova-compute | Affected | ||
| Red Hat OpenStack Platform 18.0 | rhoso/openstack-nova-compute-rhel9 | Not affected | ||
| Red Hat OpenStack Platform 18.0 | rhosp12/openstack-nova-compute | Not affected | ||
| Red Hat OpenStack Platform 18.0 | rhosp-rhel9/openstack-nova-compute | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31. ...
OpenStack Nova calls qemu-img without format restrictions for resize
EPSS
7.1 High
CVSS3