OpenStack Nova 23.2.2/24.1.2/25.0.2 SR-IOV vnic_type switch causes compute DoS
CVE-2022-37394 Published on August 3, 2022

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

NVD

Products Associated with CVE-2022-37394

stack.watch emails you whenever new vulnerabilities are published in OpenStack Nova or Canonical Ubuntu Linux. Just hit a watch button to start following.

OpenStack Nova

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.06%

Percentile

18.03%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

OpenStack Nova 23.2.2/24.1.2/25.0.2 SR-IOV vnic_type switch causes compute DoSCVE-2022-37394 Published on August 3, 2022

Products Associated with CVE-2022-37394

Exploit Probability

OpenStack Nova 23.2.2/24.1.2/25.0.2 SR-IOV vnic_type switch causes compute DoS
CVE-2022-37394 Published on August 3, 2022