Host data corruption through nova inject_key feature
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Balazs Gibizer | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Reported by Garth Mollett from Red Hat.
The nova.virt.
Under certain circumstances, the boot process will fold back to VFSLocalFS when trying to inject the public key, for libvirt:
* when libguestfs is not installed or can't be loaded.
* use_cow_
* for loopback mount at least, there is a race condition to win in virt/disk/
The xenapi is also likely vulnerable, though untested.
description: | updated |
Changed in nova: | |
importance: | Undecided → Medium |
assignee: | nobody → Sean Dague (sdague) |
Changed in nova: | |
assignee: | Sean Dague (sdague) → Matt Riedemann (mriedem) |
status: | Confirmed → In Progress |
Changed in nova: | |
assignee: | Matt Riedemann (mriedem) → Balazs Gibizer (balazs-gibizer) |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.