CVE-2020-17376 in OpenStack and Canonical Products
Published on August 26, 2020
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
Products Associated with CVE-2020-17376
stack.watch emails you whenever new vulnerabilities are published in OpenStack Nova or Canonical Ubuntu Linux. Just hit a watch button to start following.
Exploit Probability
EPSS
0.39%
Percentile
59.36%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.