Title: Scheduler denial of service through scheduler_hints
Impact: Medium
Reporter: Dan Prince (Red Hat)
Products: Nova
Affects: Essex, Folsom series

Description:
Dan Prince from Red Hat reported a vulnerability in Nova scheduler nodes. By creating servers with malicious scheduler_hints, an authenticated user may generate a huge amount of database calls, potentially resulting in a Denial of Service attack against Nova scheduler nodes. Only setups exposing the OpenStack API and enabling DifferentHostFilter and/or SameHostFilter are affected.
Created attachment 596162
Upstream patch for Essex
Created attachment 596163
Upstream patch for Folsom
Created openstack-nova tracking bugs for this issue
Affects: fedora-all [bug 839407]
References:
http://thread.gmane.org/gmane.comp.security.oss.general/7988
https://lists.launchpad.net/openstack/msg14452.html

Upstream bug:
https://bugs.launchpad.net/nova/+bug/1017795

Upstream commits:
Folsom: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
Essex: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
Created openstack-nova tracking bugs for this issue
Affects: epel-6 [bug 844041]