CVE-2022-37394 Affecting nova package, versions *
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-NOVA-2970506
- published 4 Aug 2022
- disclosed 3 Aug 2022
Introduced: 3 Aug 2022
CVE-2022-37394 Open this link in a new tabHow to fix?
There is no fixed version for Debian:10 nova.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nova package and not the nova package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.