7 matches found
CVE-2026-46448
A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...
GHSA-MFG3-P6M3-GJGR OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints
Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...
CVE-2026-46448
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...
UBUNTU-CVE-2026-46448
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...
CVE-2026-46448
OpenStack Nova before 33.0.2 is affected: the server create API does not strip internal _nova-prefixed scheduler hints, causing instances to be created without proper Placement allocation. This can enable resource misallocation and, in worst cases, denial of service through compute-node resource ...
CVE-2026-46448
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...
CVE-2026-46448
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...