Vulnerability Details : CVE-2017-17051
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
Vulnerability category: Denial of service
Products affected by CVE-2017-17051
- cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17051
0.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-17051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
8.6
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
NIST |
CWE ids for CVE-2017-17051
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-17051
-
https://review.openstack.org/523214
Change I8a9157bc: Fix doubling allocations on rebuild | review.opendev Code ReviewVendor Advisory
-
https://security.openstack.org/ossa/OSSA-2017-006.html
OpenStack Docs: OSSA-2017-006: Nova FilterScheduler doubles resource allocations during rebuild with new imageVendor Advisory
-
http://www.securityfocus.com/bid/102102
OpenStack Nova CVE-2017-17051 Incomplete Fix Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://review.openstack.org/521662
Change I8a9157bc: Fix doubling allocations on rebuild | review.opendev Code ReviewVendor Advisory
-
https://launchpad.net/bugs/1732976
Bug #1732976 “[OSSA-2017-006] Potential DoS by rebuilding the sa...” : Bugs : OpenStack Compute (nova)Issue Tracking;Third Party Advisory
Jump to