OpenStack Compute (nova)

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #2071734
Comment #79

Comment 79 for bug 2071734

Revision history for this message

Dan Smith (danms) wrote on 2024-07-22: Re: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767)

#79

Right, this is definitely exploitable without this patch, it just requires a use_cow_images=False (or equivalent - there are a few ways to get there) config on the backend.

So just to be clear (correct me if I'm wrong), this testing was for the reported issue without the patch for this bug and without the requisite config to exploit. Thus, we're still looking good with this bug/patch per plan.