Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Vulnerability Type
在范围间的资源转移不正确
Vulnerability Title
OpenStack Nova 安全漏洞
Vulnerability Description
OpenStack Nova是OpenStack开源的一款核心计算服务组件。 OpenStack Nova 30.2.2之前版本、31.2.1之前版本和32.1.1之前版本存在安全漏洞,该漏洞源于Flat镜像后端处理恶意QCOW头文件时未施加格式限制,可能导致不安全的镜像调整大小操作,从而破坏主机系统上的数据。
CVSS Information
N/A
Vulnerability Type
N/A