Thierry Carrez of the OpenStack project reports:
Title: Nova compute DoS through ephemeral disk backing files
Reporter: Phil Day (HP)
Products: Nova
Affects: All supported versions
Description: Phil Day from HP reported a vulnerability in the libvirt driver handling of ephemeral disk backing files on Nova compute nodes. By repeatedly creating snapshots, changing the os_type to a new random value, and spawning new instances from the snapshot (and quickly deleting those instances), an authenticated user could generate lots of different ephemeral disk backing files and fill up compute node disks, potentially resulting in a Denial of Service against a Nova setup. Only Nova setups running the libvirt driver are affected.
CVE-2013-6437 has been assigned to identify this flaw.
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day from HP as the original reporter.
Created attachment 836520: grizzly patch
Created attachment 836521: havana patch
Created attachment 836523: icehouse patch
This issue has been addressed in the following products:
OpenStack 4 for RHEL 6
Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html
Trackers were never added for fedora/rdo when this was unembargoed. It's almost certainly been fixed in a rebase since then but filing anyway.
Statement: Red Hat Product Security has rated this issue as having moderate security impact in Red Hat OpenStack Platform 3.0. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Created openstack-nova tracking bugs for this issue:
Affects: fedora-all [bug 1119584]
Affects: epel-6 [bug 1119585]