2430312 – (CVE-2026-24708) CVE-2026-24708 openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova

Bug 2430312 (CVE-2026-24708) - CVE-2026-24708 openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova

Summary: CVE-2026-24708 openstack-nova-compute: Arbitrary Host File Overwrite via Unco...

Keywords:
Status:	NEW
Alias:	CVE-2026-24708
Deadline:	2026-02-17
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-16 06:34 UTC by OSIDB Bzimport
Modified:	2026-02-18 05:23 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-16 06:34:39 UTC

Unconstrained disk format handling vulnerability in OpenStack Nova when invoking the qemu-img utility. The flaw occurs because Nova does not strictly enforce the expected disk image format before calling qemu-img. An authenticated attacker can write a crafted QCOW2 header to a raw ephemeral or root disk. When Nova later performs operations such as instance resize, qemu-img interprets the disk as QCOW2 and overwrites arbitrary files on the compute host that Nova has write access to. This can be exploited without additional privileges or user interaction, allowing attackers to destroy other users’ data, corrupt Nova-managed files, or cause denial of service on the compute node.

Note You need to log in before you can comment on or make changes to this bug.