Ubuntu Cloud Archive

Bug #2059809
Comment #299

Comment 299 for bug 2059809

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-07-03: Fix merged to cinder (master)

#299

Reviewed: https://review.opendev.org/c/openstack/cinder/+/923244
Committed: https://opendev.org/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
Submitter: "Zuul (22348)"
Branch: master

commit d6a186945e03649343af55b46ed8dfe0dd326e40
Author: Brian Rosmaita <email address hidden>
Date: Wed Jun 26 14:09:30 2024 -0400

CVE-2024-32498: Check for external qcow2 data file

    Adds code to image_utils to check for a qcow2 external data
    file, a recent feature of qemu which we do not support and
    which can be used maliciously.

    Advice from the qemu-img community is that it is dangerous
    to call qemu-img info on untrusted files, so we copy over
    the format_inspector module from Glance. This performs basic
    analysis on the image data file so we can detect problematic
    images before we call qemu-img info to get all the image
    attributes. It is expected that this code will eventually be
    added to oslo so it can be consumed by Glance, Cinder, and
    Nova.

    Because cinder itself may create qcow2 format images with a
    backing file in nfs-based backends, the glance format_inspector
    has been modified to optionally allow such files. Since we are
    monkeying with the format_inspector code, we also copy over
    its unit tests to prevent regressions and to add tests for the
    changed code.

    Includes an additional fix to prevent an issue where a user
    could mount a raw volume and write a qcow2 header with a larger
    virtual size on it. On reattaching the volume it would have the
    new larger virtual size avaialable without actually changing
    the size value in cinder. While we cannot prevent this we can
    prevent the user from using this volume again, which makes this
    exploit pointless.

Co-authored-by: Dan Smith <email address hidden>
Co-authored-by: Felix Huettner <email address hidden>

Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
Closes-bug: #2059809

Reviewed:  https://review.opendev.org/c/openstack/cinder/+/923244
Committed: https://opendev.org/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
Submitter: "Zuul (22348)"
Branch:    master

commit d6a186945e03649343af55b46ed8dfe0dd326e40
Author: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Date:   Wed Jun 26 14:09:30 2024 -0400

CVE-2024-32498: Check for external qcow2 data file
    
    Adds code to image_utils to check for a qcow2 external data
    file, a recent feature of qemu which we do not support and
    which can be used maliciously.
    
    Advice from the qemu-img community is that it is dangerous
    to call qemu-img info on untrusted files, so we copy over
    the format_inspector module from Glance.  This performs basic
    analysis on the image data file so we can detect problematic
    images before we call qemu-img info to get all the image
    attributes.  It is expected that this code will eventually be
    added to oslo so it can be consumed by Glance, Cinder, and
    Nova.
    
    Because cinder itself may create qcow2 format images with a
    backing file in nfs-based backends, the glance format_inspector
    has been modified to optionally allow such files.  Since we are
    monkeying with the format_inspector code, we also copy over
    its unit tests to prevent regressions and to add tests for the
    changed code.
    
    Includes an additional fix to prevent an issue where a user
    could mount a raw volume and write a qcow2 header with a larger
    virtual size on it. On reattaching the volume it would have the
    new larger virtual size avaialable without actually changing
    the size value in cinder.  While we cannot prevent this we can
    prevent the user from using this volume again, which makes this
    exploit pointless.
    
    Co-authored-by: Dan Smith <dansmith@redhat.com>
    Co-authored-by: Felix Huettner <felix.huettner@mail.schwarz>
    
    Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
    Closes-bug: #2059809