Vulnerability Description
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | 16.0.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102102Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1732976Issue TrackingThird Party Advisory
- https://review.openstack.org/521662Vendor Advisory
- https://review.openstack.org/523214Vendor Advisory
- https://security.openstack.org/ossa/OSSA-2017-006.htmlVendor Advisory
- http://www.securityfocus.com/bid/102102Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1732976Issue TrackingThird Party Advisory
- https://review.openstack.org/521662Vendor Advisory
- https://review.openstack.org/523214Vendor Advisory
- https://security.openstack.org/ossa/OSSA-2017-006.htmlVendor Advisory
FAQ
What is CVE-2017-17051?
CVE-2017-17051 is a vulnerability with a CVSS score of 8.6 (HIGH). An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyperv...
How severe is CVE-2017-17051?
CVE-2017-17051 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17051?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.