An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "nova-api": "2:17.0.0~rc2-0ubuntu1", "nova-volume": "2:17.0.0~rc2-0ubuntu1", "nova-doc": "2:17.0.0~rc2-0ubuntu1", "nova-compute-lxc": "2:17.0.0~rc2-0ubuntu1", "nova-console": "2:17.0.0~rc2-0ubuntu1", "nova-novncproxy": "2:17.0.0~rc2-0ubuntu1", "nova-compute-libvirt": "2:17.0.0~rc2-0ubuntu1", "nova-compute-qemu": "2:17.0.0~rc2-0ubuntu1", "nova-xvpvncproxy": "2:17.0.0~rc2-0ubuntu1", "nova-api-os-compute": "2:17.0.0~rc2-0ubuntu1", "nova-compute-kvm": "2:17.0.0~rc2-0ubuntu1", "nova-ajax-console-proxy": "2:17.0.0~rc2-0ubuntu1", "nova-spiceproxy": "2:17.0.0~rc2-0ubuntu1", "nova-compute-vmware": "2:17.0.0~rc2-0ubuntu1", "nova-compute-xen": "2:17.0.0~rc2-0ubuntu1", "nova-network": "2:17.0.0~rc2-0ubuntu1", "nova-conductor": "2:17.0.0~rc2-0ubuntu1", "nova-compute": "2:17.0.0~rc2-0ubuntu1", "nova-scheduler": "2:17.0.0~rc2-0ubuntu1", "python-nova": "2:17.0.0~rc2-0ubuntu1", "nova-api-metadata": "2:17.0.0~rc2-0ubuntu1", "nova-common": "2:17.0.0~rc2-0ubuntu1", "nova-api-os-volume": "2:17.0.0~rc2-0ubuntu1", "nova-placement-api": "2:17.0.0~rc2-0ubuntu1", "nova-serialproxy": "2:17.0.0~rc2-0ubuntu1", "nova-cells": "2:17.0.0~rc2-0ubuntu1", "nova-consoleauth": "2:17.0.0~rc2-0ubuntu1" } ] }