Lucene search

K
cve[email protected]CVE-2022-37394
HistoryAug 03, 2022 - 7:15 a.m.

CVE-2022-37394

2022-08-0307:15:07
web.nvd.nist.gov
50
6
openstack
nova
cve-2022-37394
vulnerability
denial of service
nvd
sr-iov

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

Affected configurations

NVD
Node
openstacknovaRange<23.2.2
OR
openstacknovaRange24.0.024.1.2
OR
openstacknovaRange25.0.025.0.2

Social References

More

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%