#VU10864 Improper input validation


Published: 2018-03-07

Vulnerability identifier: #VU10864

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-18191

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenStack Nova
Client/Desktop applications / Other client software

Vendor: OpenStack

Description
The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.

The weakness exists due to insufficient handling of encrypted volumes. A local attacker can swap encrypted volumes, corrupt the LUKS headers and cause the service to crash.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

OpenStack Nova: 15.0.0 - 16.0.4


CPE

External links
http://review.openstack.org/#/c/539893/

