CVE 2015-3280
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Related bugs and status
CVE-2015-3280 (Candidate) is related to these bugs:
Bug #1392527: [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1392527 | [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280) | OpenStack Compute (nova) | High | Fix Released | ||
| 1392527 | [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280) | OpenStack Security Advisory | High | Fix Released | ||
| 1392527 | [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280) | OpenStack Compute (nova) juno | Undecided | Fix Released | ||
| 1392527 | [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280) | OpenStack Compute (nova) kilo | Undecided | Fix Released | ||
Bug #1489775: Nova may fail to delete images in resize state
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1489775 | Nova may fail to delete images in resize state | Mirantis OpenStack | High | Fix Released | ||
| 1489775 | Nova may fail to delete images in resize state | Mirantis OpenStack 6.0.x | High | Fix Released | ||
| 1489775 | Nova may fail to delete images in resize state | Mirantis OpenStack 6.1.x | High | Fix Released | ||
| 1489775 | Nova may fail to delete images in resize state | Mirantis OpenStack 8.0.x | High | Fix Released | ||
| 1489775 | Nova may fail to delete images in resize state | Mirantis OpenStack 7.0.x | High | Fix Released | ||
Bug #1589821: cleanup_incomplete_migrations periodic task regression with commit 099cf53 (CVE-2016-7498)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1589821 | cleanup_incomplete_migrations periodic task regression with commit 099cf53 (CVE-2016-7498) | OpenStack Compute (nova) | High | Fix Released | ||
| 1589821 | cleanup_incomplete_migrations periodic task regression with commit 099cf53 (CVE-2016-7498) | OpenStack Compute (nova) mitaka | High | Fix Released | ||
| 1589821 | cleanup_incomplete_migrations periodic task regression with commit 099cf53 (CVE-2016-7498) | OpenStack Security Advisory | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
