Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-17376

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

Published

2020-08-26T19:15:14.580

Last Modified

2024-11-21T05:07:58.283

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	nova	< 19.3.1	Yes
Application	openstack	nova	< 20.3.1	Yes
Application	openstack	nova	21.0.0	Yes

References

http://www.openwall.com/lists/oss-security/2020/08/25/4 Mailing List, Patch, Third Party Advisory ([email protected])
https://launchpad.net/bugs/1890501 Exploit, Third Party Advisory ([email protected])
https://security.openstack.org/ossa/OSSA-2020-006.html Patch, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/08/25/4 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/1890501 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.openstack.org/ossa/OSSA-2020-006.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)