CVE-2017-18191

CVE Database · CVE-2017-18191

CVE-2017-18191

· N/AModified

CVSS v3.1

N/A

EPSS

3.89%

Published

Feb 19, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

Affected Products (5)

openstack · novavulnerable

redhat · openstackvulnerable

References (16)

http://openwall.com/lists/oss-security/2018/04/20/3

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/103104

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2332

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2714

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2855

Third Party Advisory

https://launchpad.net/bugs/1739593

Exploit

KEV Catalog EPSS Scores Vendors All CVEs