Vulnerability Details : CVE-2022-37394
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2022-37394
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 14 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-37394
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.8
|
1.4
|
NIST |
References for CVE-2022-37394
-
https://bugs.launchpad.net/ossa/+bug/1981813
Exploit;Issue Tracking;Third Party Advisory
-
https://review.opendev.org/c/openstack/nova/+/850003
Third Party Advisory
-
https://review.opendev.org/c/openstack/nova/+/849985
Patch;Third Party Advisory
Products affected by CVE-2022-37394
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*