vulnerability

Debian: CVE-2020-17376: nova -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	08/26/2020	07/30/2024	07/30/2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

08/26/2020

Added

07/30/2024

Modified

07/30/2024

Description

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

Solution

debian-upgrade-nova

References

CVE-2020-17376
https://attackerkb.com/topics/CVE-2020-17376

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today