CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

References

Affected packages

Git / github.com/openstack/nova

Affected ranges

Type

GIT

Repo

https://github.com/openstack/nova

Events

Introduced

Last affected

3f63d057a64b688b66ff1903c1afc4d97ba6df6d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.0.3"
        }
    ]
}

Affected versions

0.*

0.9.0

12.*

12.0.0.0b1

12.0.0.0b2

12.0.0.0b3

12.0.0.0rc1

12.0.0a0

13.*

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

14.*

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

15.*

15.0.0.0b1

15.0.0.0b2

15.0.0.0b3

15.0.0.0rc1

16.*

16.0.0

16.0.0.0b1

16.0.0.0b2

16.0.0.0b3

16.0.0.0rc1

16.0.0.0rc2

16.0.1

16.0.2

16.0.3

2010.*

2010.1

2011.*

2011.1

2011.1rc1

2011.2

2011.2gamma1

2011.2rc1

2013.*

2013.1.rc1

2013.2.b3

2013.2.rc1

2014.*

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2015.*

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

Other

diablo-1

essex-1

folsom-1

folsom-2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17051.json"