[OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Tristan Cacqueray | ||
Juno |
Fix Released
|
Undecided
|
Tony Breeds | ||
Kilo |
Fix Released
|
Undecided
|
Tony Breeds | ||
OpenStack Security Advisory |
Fix Released
|
High
|
Tristan Cacqueray |
Bug Description
Steps to reproduce:
1) Create a new instance,waiting until it’s status goes to ACTIVE state
2) Call resize API
3) Delete the instance immediately after the task_state is “resize_migrated” or vm_state is “resized”
4) Repeat 1 through 3 in a loop
I have kept attached program running for 4 hours, all instances created are deleted (nova list returns empty list) but I noticed instances directories with the name “<instance_
Note: Even the periodic tasks doesn't cleanup these orphan instance directories from the instance path.
CVE References
Changed in ossa: | |
assignee: | nobody → Tristan Cacqueray (tristan-cacqueray) |
Changed in nova: | |
assignee: | nobody → Michael Still (mikalstill) |
no longer affects: | nova/icehouse |
Changed in ossa: | |
status: | Triaged → In Progress |
summary: |
Deleting instance while resize instance is running leads to unuseable - compute nodes + compute nodes (CVE-2015-3280) |
information type: | Private Security → Public Security |
Changed in nova: | |
milestone: | none → liberty-3 |
status: | Fix Committed → Fix Released |
summary: |
- Deleting instance while resize instance is running leads to unuseable - compute nodes (CVE-2015-3280) + [OSSA 2015-017] Deleting instance while resize instance is running leads + to unuseable compute nodes (CVE-2015-3280) |
Changed in nova: | |
status: | Fix Released → New |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | liberty-3 → 12.0.0 |
Changed in nova: | |
status: | New → Fix Released |
This sounds like a potential denial of service vector, so I've added an incomplete security advisory task and subscribed Nova's core security reviewers to comment.