CVE-2022-37394 Affecting nova package, versions *
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-NOVA-2970505
- published 4 Aug 2022
- disclosed 3 Aug 2022
Introduced: 3 Aug 2022
CVE-2022-37394 Open this link in a new tabHow to fix?
There is no fixed version for Debian:11
nova
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nova
package and not the nova
package as distributed by Debian
.
See How to fix?
for Debian:11
relevant fixed versions and status.
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.