Glance

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #2059809
Comment #243

Comment 243 for bug 2059809

Revision history for this message

Dan Smith (danms) wrote on 2024-07-01 (last edit on 2024-07-01): Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

#243

late-nova-fix.patch Edit (867 bytes, text/plain)

Okay, so it's a regression because of the *mechanism* by which the second exploit that was found works. Effectively we lose the type of the base image in the image cache. So the fix to not detect images as different types than their glance metadata says means we will insert a VMDK into the cache as raw, but then later detect it as VMDK and not obsess over the type allow-list that nova has.

That said, here's a patch (confirmed by arnaud) which adds the vmdk_allowed_types check back in if we later interpret it as VMDK. I'll work on tests, but attaching it here as early as possible.