Candidate: CVE-2017-17051
CRD: 2017-12-05
PublicDate: 2017-12-05 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
 https://security.openstack.org/ossa/OSSA-2017-006.html
 http://www.openwall.com/lists/oss-security/2017/12/05/5
Description:
 An issue was discovered in the default FilterScheduler in OpenStack Nova
 16.0.3. By repeatedly rebuilding an instance with new images, an
 authenticated user may consume untracked resources on a hypervisor host
 leading to a denial of service, aka doubled resource allocations. This
 regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239);
 however, only Nova stable/pike or later deployments with that fix applied
 and relying on the default FilterScheduler are affected.
Ubuntu-Description:
Notes:
 mdeslaur> only affects pike and later
Bugs:
 https://launchpad.net/bugs/1732976
Priority: medium
Discovered-by: Matt Riedemann
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H [8.6 HIGH]


Patches_nova:
 upstream: https://review.openstack.org/521662 (queens)
 upstream: https://review.openstack.org/523214 (pike)
upstream_nova: needs-triage
precise/esm_nova: DNE
trusty_nova: not-affected (code not present)
trusty/esm_nova: DNE (trusty was not-affected [code not present])
xenial_nova: not-affected (code not present)
esm-infra/xenial_nova: not-affected (code not present)
zesty_nova: ignored (reached end-of-life)
artful_nova: released (2:16.1.2-0ubuntu1)
bionic_nova: not-affected (2:17.0.0~rc2-0ubuntu1)
devel_nova: not-affected (2:17.0.0~rc2-0ubuntu1)