About severity of the issue: I've just imagined a scenario where this would lead to compromise.
Let's say we've got some PCI-passthrough installation which relies on image-level (operating system level) permissions to allow or disallow some operations with hardware. Tenants are allowed to use images with a properly configured permissions system and they are forbidden to run random (untrusted/unverified) code on those nodes.
By issuing the 'rebuild' command with a specially crafted image, a malicious tenant may compromise hardware by means of bypassing image-level security and OpenStack's restriction on which images are allowed to run on the node with sensitive hardware.
I don't think that this is a common use case, but who knows whose Stuxnet would use this bug on whose nuclear factory.