Launchpad CVE tracker

CVE 2014-2573

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Related bugs and status

CVE-2014-2573 (Candidate) is related to these bugs:

Bug #1269418: [OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)

		In	Importance	Status
1269418	[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)	OpenStack Compute (nova)	High	Fix Released
1269418	[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)	OpenStack Security Advisory	Medium	Fix Released
1269418	[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)	VMwareAPI-Team	High	In Progress
1269418	[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)	OpenStack Compute (nova) havana	High	Fix Released
1269418	[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)	OpenStack Compute (nova) icehouse	High	Fix Released

Bug #1338830: [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)

		In	Importance	Status
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova)	Low	Invalid
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Security Advisory	Medium	Fix Released
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova) havana	Undecided	Won't Fix
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova) icehouse	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-2573

References