Launchpad.net

CVE 2014-3608

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

Related bugs and status

CVE-2014-3608 (Candidate) is related to these bugs:

Bug #1338830: [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)

		In	Importance	Status
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova)	Low	Invalid
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Security Advisory	Medium	Fix Released
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova) havana	Undecided	Won't Fix
1338830	[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)	OpenStack Compute (nova) icehouse	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3608

Related bugs and status

Related bugs

References