CVE-2020-17376

Source
https://cve.org/CVERecord?id=CVE-2020-17376
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17376.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-17376
Aliases
Downstream
Related
Published
2020-08-26T19:15:14.580Z
Modified
2026-04-10T04:23:48.386389Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

References

Affected packages

Git / github.com/openstack/nova

Affected ranges

Type
GIT
Repo
https://github.com/openstack/nova
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "19.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "21.0.0"
        }
    ]
}

Affected versions

0.*
0.9.0
12.*
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
12.0.0a0
13.*
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
14.*
14.0.0.0b1
14.0.0.0b2
14.0.0.0b3
14.0.0.0rc1
15.*
15.0.0.0b1
15.0.0.0b2
15.0.0.0b3
15.0.0.0rc1
16.*
16.0.0.0b1
16.0.0.0b2
16.0.0.0b3
16.0.0.0rc1
17.*
17.0.0.0b1
17.0.0.0b2
17.0.0.0b3
17.0.0.0rc1
18.*
18.0.0.0b1
18.0.0.0b2
18.0.0.0b3
18.0.0.0rc1
19.*
19.0.0
19.0.0.0rc1
19.0.0.0rc2
19.0.1
19.0.2
19.0.3
19.1.0
19.2.0
19.3.0
20.*
20.0.0.0rc1
2010.*
2010.1
2011.*
2011.1
2011.1rc1
2011.2
2011.2gamma1
2011.2rc1
2013.*
2013.1.rc1
2013.2.b3
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
21.*
21.0.0
21.0.0.0rc1
21.0.0.0rc2
Other
diablo-1
essex-1
folsom-1
folsom-2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17376.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "20.0.0"
            },
            {
                "fixed": "20.3.1"
            }
        ]
    }
]