The fix for CVE-2022-47951 was backported directly to RHOSP 17.0. Given that the fix is in upstream stable/wallaby, it should be included in RHOSP 17.1 via direct pull of the stable branch. This BZ is just a reminder to verify that that's the case. Not making this a private bug because CVE-2022-47951 has already been published.
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2368282, which is tagged 'rhos-17.1-rhel-8-trunk-candidate', indicates that both of the upstream patches ("Use the json format output of qemu-img info" and "Check VMDK subformat against an allowed list") have been included in RHOSP 17.1.
The reproducer doesn't trigger the issue anymore, and cinder correctly rejects the image.

[stack@undercloud-0 ~]$ cat cve/leakh.vmdk
# Disk DescriptorFile
version=1
CID=f776622b
parentCID=ffffffff
createType="monolithicFlat"

# Extent description
RW 2048 FLAT "/etc/hosts" 0

# The Disk Data Base
#DDB

ddb.virtualHWVersion = "4"
ddb.geometry.cylinders = "2"
ddb.geometry.heads = "16"
ddb.geometry.sectors = "63"
ddb.adapterType = "ide"
ddb.toolsVersion = "2147483647"

$ openstack image create --disk-format vmdk --container-format bare --file leakh.vmdk leakh.vmdk
$ openstack volume create --image leakh.vmdk --size 1 leakh

The volume moves to the error state. The logs (cinder-volume.log) contain:

2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server [req-8f914f2f-cbb3-4a7d-941a-1edcac460887 cd455d3ae46e456b8973f6a285b2f4ce fd03e851f8b64d49a596d99327d201df - - -] Exception during message handling: cinder.exception.ImageUnacceptable: Image 99bec0ca-29c4-4974-804d-b9419881c940 is unacceptable: Invalid VMDK create-type specified
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server Traceback (most recent call last):
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/oslo_messaging/rpc/server.py", line 165, in _process_incoming
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     res = self.dispatcher.dispatch(message)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 309, in dispatch
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return self._do_dispatch(endpoint, method, ctxt, args)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 229, in _do_dispatch
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     result = func(ctxt, **new_args)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "<decorator-gen-5>", line 2, in create_volume
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/objects/cleanable.py", line 208, in wrapper
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     result = f(*args, **kwargs)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/volume/manager.py", line 772, in create_volume
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     _run_flow()
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/volume/manager.py", line 764, in _run_flow
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     flow_engine.run()
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/taskflow/engines/action_engine/engine.py", line 247, in run
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     for _state in self.run_iter(timeout=timeout):
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/taskflow/engines/action_engine/engine.py", line 340, in run_iter
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     failure.Failure.reraise_if_any(er_failures)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/taskflow/types/failure.py", line 339, in reraise_if_any
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     failures[0].reraise()
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/taskflow/types/failure.py", line 346, in reraise
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     six.reraise(*self._exc_info)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     raise value
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/taskflow/engines/action_engine/executor.py", line 53, in _execute_task
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     result = task.execute(**arguments)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/volume/flows/manager/create_volume.py", line 1157, in execute
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     model_update = self._create_from_image(context,
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/utils.py", line 614, in _wrapper
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return r.call(f, *args, **kwargs)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/tenacity/__init__.py", line 411, in call
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return self.__call__(*args, **kwargs)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/tenacity/__init__.py", line 423, in __call__
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     do = self.iter(retry_state=retry_state)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/tenacity/__init__.py", line 360, in iter
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return fut.result()
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 439, in result
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return self.__get_result()
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 391, in __get_result
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     raise self._exception
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/tenacity/__init__.py", line 426, in __call__
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     result = fn(*args, **kwargs)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/volume/flows/manager/create_volume.py", line 1059, in _create_from_image
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     model_update = self._create_from_image_cache_or_download(
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/volume/flows/manager/create_volume.py", line 925, in _create_from_image_cache_or_download
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     with image_utils.TemporaryImages.fetch(
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.9/contextlib.py", line 119, in __enter__
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     return next(self.gen)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/image/image_utils.py", line 1158, in fetch
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     fetch_verify_image(context, image_service, image_id, tmp)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/image/image_utils.py", line 743, in fetch_verify_image
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     check_vmdk_image(image_id, data)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.9/site-packages/cinder/image/image_utils.py", line 643, in check_vmdk_image
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server     raise exception.ImageUnacceptable(image_id=image_id, reason=msg)
2023-06-12 17:33:59.916 13 ERROR oslo_messaging.rpc.server cinder.exception.ImageUnacceptable: Image 99bec0ca-29c4-4974-804d-b9419881c940 is unacceptable: Invalid VMDK create-type specified

Verified on:
openstack-cinder-18.2.2-1.20230518161042.36649bd.el9ost.noarch
python3-cinder-18.2.2-1.20230518161042.36649bd.el9ost.noarch
python3-cinder-common-18.2.2-1.20230518161042.36649bd.el9ost.noarch
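As an added illustration of the allow-list check that the "Check VMDK subformat against an allowed list" patch introduces (this is not cinder's code and not part of this bug), the descriptor-level equivalent: it parses the text descriptor directly instead of going through qemu-img, assumes cinder's default allowed sub-formats are streamOptimized and monolithicSparse, and uses a trimmed copy of the reproducer descriptor above as constructed input.

```python
import re
from typing import Dict, List

# Allow-list of VMDK sub-formats. Assumption: mirrors cinder's default
# vmdk_allowed_types after the fix; this is not cinder's own code.
ALLOWED_CREATE_TYPES = ("streamOptimized", "monolithicSparse")

# Constructed input: trimmed reproducer descriptor from this bug. Its FLAT
# extent names a host file that qemu-img would read as the disk's contents.
LEAKH_VMDK = """# Disk DescriptorFile
version=1
CID=f776622b
parentCID=ffffffff
createType="monolithicFlat"
# Extent description
RW 2048 FLAT "/etc/hosts" 0
"""
# Constructed benign descriptor of an allowed sub-format.
SPARSE_VMDK = 'version=1\ncreateType="monolithicSparse"\nRW 2048 SPARSE "disk.vmdk"\n'

class ImageUnacceptable(Exception):
    """Stand-in for cinder.exception.ImageUnacceptable."""

_KV = re.compile(r'^\s*([A-Za-z][\w.]*)\s*=\s*"?([^"\n]*?)"?\s*$')
_EXTENT = re.compile(r'^\s*(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]*)"')

def parse_descriptor(text: str) -> Dict[str, object]:
    """Split a text VMDK descriptor into header fields and extent entries."""
    fields: Dict[str, str] = {}
    extents: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _EXTENT.match(line)
        if m:
            extents.append({"access": m.group(1), "type": m.group(3), "file": m.group(4)})
            continue
        m = _KV.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return {"fields": fields, "extents": extents}

def check_vmdk_descriptor(text: str) -> str:
    """Raise ImageUnacceptable unless createType is allow-listed; return the type."""
    create_type = parse_descriptor(text)["fields"].get("createType")
    if create_type not in ALLOWED_CREATE_TYPES:
        raise ImageUnacceptable("Invalid VMDK create-type specified")
    return create_type
```

The parsed extents are returned alongside the verdict so a reviewer can see why the flat sub-format is excluded: its extent lines are the only place a descriptor can point at an arbitrary host path.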
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577