PYSEC-2026-882

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-882.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-882
Aliases
Published
2026-07-06T08:03:31.644390Z
Modified
2026-07-07T11:45:15.739964357Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
OpenStack Nova Changing vnic_type breaks compute service restart
Details

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.2.2
Introduced
24.0.0
Fixed
24.1.2
Introduced
25.0.0
Fixed
25.0.2

Affected versions

15.*
15.1.5
16.*
16.1.6
16.1.7
16.1.8
17.*
17.0.7
17.0.8
17.0.9
17.0.10
17.0.11
17.0.12
17.0.13
18.*
18.0.2
18.0.3
18.1.0
18.2.0
18.2.1
18.2.2
18.2.3
18.3.0
19.*
19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.0.1
19.0.2
19.0.3
19.1.0
19.2.0
19.3.0
19.3.1
19.3.2
20.*
20.0.0.0rc1
20.0.0.0rc2
20.0.0
20.0.1
20.1.0
20.1.1
20.2.0
20.3.0
20.4.0
20.4.1
20.5.0
20.6.0
20.6.1
21.*
21.0.0.0rc1
21.0.0.0rc2
21.0.0
21.1.0
21.1.1
21.1.2
21.2.0
21.2.1
21.2.2
21.2.3
21.2.4
22.*
22.0.0.0rc1
22.0.0
22.0.1
22.1.0
22.2.0
22.2.1
22.2.2
22.3.0
22.4.0
23.*
23.0.0.0rc1
23.0.0.0rc2
23.0.0
23.0.1
23.0.2
23.1.0
23.2.0
23.2.1
24.*
24.0.0
24.1.0
24.1.1
25.*
25.0.0
25.0.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-882.yaml"