Improper Check for Unusual or Exceptional Conditions in openstack-neutron - CVE-2024-53916

 


Published: July 25, 2025


Vulnerability identifier: #VU113218
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-53916
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenStack
Affected software:
openstack-neutron

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. A remote attacker can change (add and clear) tags on network objects that do not belong to the attacker, and this action is not subjected to the proper policy authorization check.
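
The following added example is a simplified model of this class of bug and is not Neutron's code. It shows how an owner-based policy check passes for any caller when the policy target is built from the wrong ID, next to a version that enforces against the parent network's stored owner. All names (Context, Network, NETWORKS, enforce_admin_or_owner, add_tag_flawed, add_tag_checked) are hypothetical, and the sample networks are constructed.

```python
from dataclasses import dataclass, field


class PolicyNotAuthorized(Exception):
    """Raised when the caller fails the policy rule."""


@dataclass
class Context:
    project_id: str
    is_admin: bool = False


@dataclass
class Network:
    id: str
    project_id: str
    tags: set = field(default_factory=set)


# Constructed sample data: two tenants, one network each.
NETWORKS = {
    "net-a": Network("net-a", "tenant-a"),
    "net-b": Network("net-b", "tenant-b"),
}


def enforce_admin_or_owner(ctx, target):
    """Hypothetical 'admin or owner' rule evaluated against a target dict."""
    if not (ctx.is_admin or ctx.project_id == target["project_id"]):
        raise PolicyNotAuthorized(target["id"])


def add_tag_flawed(ctx, network_id, tag):
    # Flaw (assumed for illustration): the target is built from request-side
    # values, so the owner comparison is the caller against itself.
    target = {"id": tag, "project_id": ctx.project_id}
    enforce_admin_or_owner(ctx, target)
    NETWORKS[network_id].tags.add(tag)


def add_tag_checked(ctx, network_id, tag):
    # Load the parent network first and enforce against its stored owner.
    net = NETWORKS.get(network_id)
    if net is None:
        raise KeyError(network_id)  # missing parent is rejected explicitly
    target = {"id": net.id, "project_id": net.project_id}
    enforce_admin_or_owner(ctx, target)
    net.tags.add(tag)
```

A regression test for this kind of handler should always include a caller from a different project than the parent resource, since same-project tests pass in both versions.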


How to mitigate CVE-2024-53916

Install updates from the vendor's website.
