CVE-2015-5162

openstack-nova/glance/cinder: Malicious image may exhaust resources

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

El analizador de imagen en OpenStack Cinder 7.0.2 y 8.0.0 hasta la versión 8.1.1; Glance en versiones anteriores a 11.0.1 y 12.0.0; y Nova en versiones anteriores a 12.0.4 y 13.0.0 no limita adecuadamente las llamadas a qemu-img, lo que podría permitir a atacantes provocar una denegación de servicio (consumo de memoria y disco) a través de una imagen de disco manipulada.

A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.

The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes. OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-07-01 CVE Reserved
2016-10-07 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (11)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2016/10/06/8	Mailing List
http://www.securityfocus.com/bid/76849	Vdb Entry

URL	Date	SRC
https://launchpad.net/bugs/1449062	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2016-2923.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2016-2991.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2017-0153.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2017-0156.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2017-0165.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2017-0282.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2015-5162	2017-02-15
https://bugzilla.redhat.com/show_bug.cgi?id=1268303	2017-02-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Cinder Search vendor "Openstack" for product "Cinder"				7.0.2 Search vendor "Openstack" for product "Cinder" and version "7.0.2"		-		Affected
Openstack Search vendor "Openstack"		Cinder Search vendor "Openstack" for product "Cinder"				8.0.0 Search vendor "Openstack" for product "Cinder" and version "8.0.0"		-		Affected
Openstack Search vendor "Openstack"		Cinder Search vendor "Openstack" for product "Cinder"				8.1.0 Search vendor "Openstack" for product "Cinder" and version "8.1.0"		-		Affected
Openstack Search vendor "Openstack"		Glance Search vendor "Openstack" for product "Glance"				<= 11.0.0 Search vendor "Openstack" for product "Glance" and version " <= 11.0.0"		-		Affected
Openstack Search vendor "Openstack"		Glance Search vendor "Openstack" for product "Glance"				11.0.1 Search vendor "Openstack" for product "Glance" and version "11.0.1"		-		Affected
Openstack Search vendor "Openstack"		Glance Search vendor "Openstack" for product "Glance"				12.0.0 Search vendor "Openstack" for product "Glance" and version "12.0.0"		-		Affected
Openstack Search vendor "Openstack"		Nova Search vendor "Openstack" for product "Nova"				<= 12.0.3 Search vendor "Openstack" for product "Nova" and version " <= 12.0.3"		-		Affected
Openstack Search vendor "Openstack"		Nova Search vendor "Openstack" for product "Nova"				13.0.0 Search vendor "Openstack" for product "Nova" and version "13.0.0"		-		Affected