CVE-2022-37394

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-37394
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37394.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-37394
Aliases
Related
Published
2022-08-03T07:15:07Z
Modified
2024-09-18T03:22:24.517044Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

References

Affected packages

Debian:11 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:22.*

2:22.0.1-2
2:22.0.1-2+deb11u1
2:22.4.0-1~deb11u5

2:23.*

2:23.0.0~rc1-1
2:23.0.0-1
2:23.0.1-1
2:23.0.2-1
2:23.0.2-3

2:24.*

2:24.0.0~rc1-1
2:24.0.0~rc1-2
2:24.0.0~rc1-3
2:24.0.0~rc1-4
2:24.0.0-1
2:24.0.0-2

2:25.*

2:25.0.0~rc1-1
2:25.0.0~rc1-2
2:25.0.0-1
2:25.0.0-2
2:25.0.0-3
2:25.0.0-4
2:25.0.0-5
2:25.0.0-6
2:25.0.1-1
2:25.0.1-2
2:25.0.1-3

2:26.*

2:26.0.0~rc1-1
2:26.0.0~rc1-2
2:26.0.0~rc1-3
2:26.0.0-1
2:26.0.0-1.1
2:26.0.0-2
2:26.0.0-4
2:26.0.0-5
2:26.0.0-6
2:26.1.0-1
2:26.1.0-2
2:26.1.0-4
2:26.2.2-1~deb12u3

2:27.*

2:27.0.0~rc1-1
2:27.0.0-1
2:27.0.0-2
2:27.0.0-3
2:27.0.0-4
2:27.0.0-5
2:27.0.0-6

2:28.*

2:28.0.0~rc1-1
2:28.0.0-1
2:28.0.0-2

2:29.*

2:29.0.0~rc1-1
2:29.0.1-1
2:29.0.1-2
2:29.0.1-3
2:29.0.1-4
2:29.0.1-5
2:29.0.1-6
2:29.0.2-1
2:29.0.2-2
2:29.0.2-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:26.0.0~rc1-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:26.0.0~rc1-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/nova

Affected ranges

Type
GIT
Repo
https://github.com/openstack/nova
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a9e81626c5e9dac897759c5f66c7ae1b4efa3c6d

Affected versions

0.*

0.9.0

12.*

12.0.0
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
12.0.0.0rc2
12.0.0.0rc3
12.0.0a0

13.*

13.0.0
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
13.0.0.0rc2
13.0.0.0rc3

14.*

14.0.0.0b1
14.0.0.0b2
14.0.0.0b3
14.0.0.0rc1

15.*

15.0.0.0b1
15.0.0.0b2
15.0.0.0b3
15.0.0.0rc1

16.*

16.0.0.0b1
16.0.0.0b2
16.0.0.0b3
16.0.0.0rc1

17.*

17.0.0.0b1
17.0.0.0b2
17.0.0.0b3
17.0.0.0rc1

18.*

18.0.0.0b1
18.0.0.0b2
18.0.0.0b3
18.0.0.0rc1

19.*

19.0.0.0rc1

20.*

20.0.0.0rc1

2010.*

2010.1

2011.*

2011.1
2011.1rc1
2011.2
2011.2gamma1
2011.2rc1

2013.*

2013.1.rc1
2013.2.b3
2013.2.rc1

2014.*

2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2014.2.rc2

2015.*

2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.0rc3

21.*

21.0.0.0rc1

22.*

22.0.0
22.0.0.0rc1

23.*

23.0.0
23.0.0.0rc1
23.0.0.0rc2
23.0.1
23.0.2
23.1.0
23.2.0
23.2.1

Other

diablo-1
diablo-2
essex-1
folsom-1
folsom-2