1546937 – (CVE-2017-18191) CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host

Bug 1546937 (CVE-2017-18191) - CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host

Summary: CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attack...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2017-18191
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1547019 1547020 1547021 1547022 1547023 1547024 1547025
Blocks:	1546939
TreeView+	depends on / blocked

Reported:	2018-02-20 05:50 UTC by Sam Fowler
Modified:	2019-09-29 14:32 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting encrypted volumes are affected.
Clone Of:
Environment:
Last Closed:	2019-06-08 03:40:26 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2332	None	None	None	2018-08-20 12:55:38 UTC
Red Hat Product Errata	RHSA-2018:2714	None	None	None	2018-09-17 16:51:01 UTC
Red Hat Product Errata	RHSA-2018:2855	None	None	None	2018-10-02 18:52:30 UTC

Description Sam Fowler 2018-02-20 05:50:41 UTC

OpenStack Nova 15.x through 15.1.0 and 16.x through 16.0.4 has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. 

All Nova setups supporting encrypted volumes are affected.


Upstream Bug:

https://bugs.launchpad.net/nova/+bug/1739593


Upstream Commit:

https://review.openstack.org/#/c/539893/

Comment 8 errata-xmlrpc 2018-08-20 12:55:27 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 12.0 (Pike)

Via RHSA-2018:2332 https://access.redhat.com/errata/RHSA-2018:2332

Comment 9 errata-xmlrpc 2018-09-17 16:50:50 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2018:2714 https://access.redhat.com/errata/RHSA-2018:2714

Comment 10 errata-xmlrpc 2018-10-02 18:52:18 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2018:2855 https://access.redhat.com/errata/RHSA-2018:2855

Note You need to log in before you can comment on or make changes to this bug.

apevec
berrange
chrisw
dasmith
eglynn
jhakimra
jjoyce
jpadman
jschluet
kbasil
kchamart
lhh
lpeer
lyarwood
markmc
mburns
nova-maint
rbryant
sbauza
sclewis
sgordon
slinaber
srevivo
tdecacqu
vromanso