7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.6%
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
openwall.com/lists/oss-security/2018/04/20/3
www.securityfocus.com/bid/103104
access.redhat.com/errata/RHSA-2018:2332
access.redhat.com/errata/RHSA-2018:2714
access.redhat.com/errata/RHSA-2018:2855
github.com/advisories/GHSA-ffmh-r67w-m88f
github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
launchpad.net/bugs/1739593
nvd.nist.gov/vuln/detail/CVE-2017-18191
review.openstack.org/539893
security.openstack.org/ossa/OSSA-2018-001.html
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.6%