CVE-2022-37394

openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

Se ha detectado un problema en OpenStack Nova versiones anteriores a 23.2.2, 24.x anteriores a 24.1.2 y 25.x anteriores a 25.0.2. Al crear un puerto de neutrones con el vnic_type directo, crear una instancia vinculada a ese puerto y luego cambiar el vnic_type del puerto vinculado a macvtap, un usuario autenticado puede causar que el servicio de computación no sea reiniciado, resultando en una posible denegación de servicio. Sólo están afectadas las implantaciones de Nova configuradas con SR-IOV

OpenStack Compute is open source software designed to provision and manage large networks of virtual machines,creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects.OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-03 CVE Reserved
2022-08-03 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-05-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (5)

URL	Tag	Source
https://review.opendev.org/c/openstack/nova/+/850003	Third Party Advisory

URL	Date	SRC
https://bugs.launchpad.net/ossa/+bug/1981813	2024-08-03

URL	Date	SRC
https://review.opendev.org/c/openstack/nova/+/849985	2022-08-10

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-37394	2023-04-26
https://bugzilla.redhat.com/show_bug.cgi?id=2117333	2023-04-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Nova Search vendor "Openstack" for product "Nova"				< 23.2.2 Search vendor "Openstack" for product "Nova" and version " < 23.2.2"		-		Affected
Openstack Search vendor "Openstack"		Nova Search vendor "Openstack" for product "Nova"				>= 24.0.0 < 24.1.2 Search vendor "Openstack" for product "Nova" and version " >= 24.0.0 < 24.1.2"		-		Affected
Openstack Search vendor "Openstack"		Nova Search vendor "Openstack" for product "Nova"				>= 25.0.0 < 25.0.2 Search vendor "Openstack" for product "Nova" and version " >= 25.0.0 < 25.0.2"		-		Affected