Nova is vulnerable to denial of service (DoS) due to changing neutron ports. An attacker creates a neutron port with the direct vnic_type, instantiates an instance bound to the port, then changes the bound port to macvtap, resulting in compute services failure to restart, leading to a denial of service. Only Nova deployments configured with SR-IOV are affected.