{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "103104", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103104"}, {"name": "RHSA-2018:2714", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2714"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/539893"}, {"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2018/04/20/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2018-001.html"}, {"name": "RHSA-2018:2332", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2332"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1739593"}, {"name": "RHSA-2018:2855", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2855"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "103104", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103104"}, {"name": "RHSA-2018:2714", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2714"}, {"name": "https://review.openstack.org/539893", "refsource": "CONFIRM", "url": "https://review.openstack.org/539893"}, {"name": "http://openwall.com/lists/oss-security/2018/04/20/3", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2018/04/20/3"}, {"name": "https://security.openstack.org/ossa/OSSA-2018-001.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2018-001.html"}, {"name": "RHSA-2018:2332", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2332"}, {"name": "https://launchpad.net/bugs/1739593", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1739593"}, {"name": "RHSA-2018:2855", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2855"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:49.181Z"}, "title": "CVE Program Container", "references": [{"name": "103104", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103104"}, {"name": "RHSA-2018:2714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2714"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://review.openstack.org/539893"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2018/04/20/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2018-001.html"}, {"name": "RHSA-2018:2332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2332"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1739593"}, {"name": "RHSA-2018:2855", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2855"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18191", "datePublished": "2018-02-19T17:00:00", "dateReserved": "2018-02-19T00:00:00", "dateUpdated": "2024-08-05T21:13:49.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4941F71-BCC5-4D52-A640-29ECE6A1EC4E", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "314BD034-893F-42AF-B3A2-C44117AD4E9B", "versionEndIncluding": "16.1.1", "versionStartIncluding": "16.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."}, {"lang": "es", "value": "Se ha descubierto un problema en OpenStack Nova en versiones 15.x hasta la 15.1.0 y 16.x hasta la 16.1.1. Al desconectar y volver a conectar un volumen cifrado, un atacante podr\u00eda acceder al volumen en bruto subyacente y corromper la cabecera LUKS, resultando en un ataque de denegaci\u00f3n de servicio (DoS) en el host de computaci\u00f3n. (El mismo c\u00f3digo de error resulta en p\u00e9rdida de datos, pero no se trata de una vulnerabilidad porque el usuario pierde sus propios datos). Todas las configuraciones de Nova que soportan vol\u00famenes cifrados est\u00e1n afectadas."}], "id": "CVE-2017-18191", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-19T17:29:00.203", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2018/04/20/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103104"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2332"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2714"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2855"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1739593"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://review.openstack.org/539893"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2018-001.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:2714", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "openstack-nova-1:14.1.0-26.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2018-09-17T00:00:00Z"}, {"advisory": "RHSA-2018:2332", "cpe": "cpe:/a:redhat:openstack:12::el7", "package": "openstack-nova-1:16.1.4-6.el7ost", "product_name": "Red Hat OpenStack Platform 12.0 (Pike)", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2855", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "openstack-nova-1:13.1.4-24.el7ost", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2018-10-02T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host", "id": "1546937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546937"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.", "OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting encrypted volumes are affected."], "name": "CVE-2017-18191", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "openstack-nova", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}], "public_date": "2018-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18191\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18191"], "threat_severity": "Moderate"}