Vulnerability Name:

CVE-2020-17376 (CCN-187360)

Assigned:2020-08-25
Published:2020-08-25
Updated:2020-09-14
Summary:An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
CVSS v3 Severity:8.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
7.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): Low
7.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
8.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-611
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-17376

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/08/25/4

Source: CCN
Type: OSSA-2020-006
Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

Source: XF
Type: UNKNOWN
openstack-cve202017376-sec-bypass(187360)

Source: MISC
Type: Exploit, Third Party Advisory
https://launchpad.net/bugs/1890501

Source: CCN
Type: oss-sec Mailing List, Tue, 25 Aug 2020 16:24:07 +0000
[OSSA-2020-006] Nova: Live migration fails to update persistent domain XML (CVE-2020-17376)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://security.openstack.org/ossa/OSSA-2020-006.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:nova:*:*:*:*:*:*:*:* (Version < 19.3.1)
  • OR cpe:/a:openstack:nova:*:*:*:*:*:*:*:* (Version >= 20.0.0 and < 20.3.1)
  • OR cpe:/a:openstack:nova:21.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202017376
    V
    CVE-2020-17376
    2022-05-22
    oval:org.opensuse.security:def:58038
    P
    Security update for qemu (Important)
    2021-11-10
    oval:org.opensuse.security:def:61677
    P
    xdg-utils-20170508-3.2 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61654
    P
    shim-15+git47-1.5 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61653
    P
    sharutils-4.15.2-2.21 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:63205
    P
    gnuplot-5.2.2-3.3.29 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:63204
    P
    freeradius-server-3.0.16-3.3.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:60340
    P
    Security update for openssl-1_1 (Important)
    2021-08-24
    oval:org.opensuse.security:def:63443
    P
    libxslt1-32bit-1.1.32-3.8.24 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63437
    P
    libsndfile1-32bit-1.0.28-5.5.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63102
    P
    reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63336
    P
    libcacard-devel-2.5.3-1.27 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63496
    P
    libsybdb5-1.1.36-3.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63471
    P
    flac-1.3.2-3.6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62119
    P
    libXRes1-1.2.0-1.18 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62211
    P
    libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62313
    P
    python3-waitress-1.4.3-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62753
    P
    gnome-shell-3.34.5-8.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:57479
    P
    Security update for systemd (Important)
    2021-07-21
    oval:org.opensuse.security:def:63546
    P
    libmwaw-0_3-3-0.3.13-2.25 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:57930
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:63074
    P
    libopenssl-1_0_0-devel-1.0.2p-3.14.2 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:59856
    P
    Security update for python-cryptography (Important)
    2021-03-02
    oval:org.opensuse.security:def:60456
    P
    Security update for tomcat (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:60300
    P
    Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:61058
    P
    Security update for openexr (Moderate)
    2020-12-23
    oval:org.opensuse.security:def:62972
    P
    perl-Archive-Extract-0.80-1.24 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62407
    P
    gcab-1.1-1.15 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61846
    P
    libmspack-devel-0.6-3.8.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63308
    P
    uuidd-2.33.1-4.5.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63581
    P
    imobiledevice-tools-1.2.0+git20170122.45fda81-1.44 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62443
    P
    libgypsy-devel-0.9-2.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63298
    P
    rarpd-s20161105-6.10 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61937
    P
    pam_ssh-2.1-2.27 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63387
    P
    apache-commons-beanutils-1.9.2-2.46 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62539
    P
    libXi6-32bit-1.7.9-1.23 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63404
    P
    apache-commons-beanutils-1.9.4-1.68 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61766
    P
    hardlink-1.0+git.e66999f-1.25 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62653
    P
    libSoundTouch0-1.8.0-3.11.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61743
    P
    fuse-2.9.7-3.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61742
    P
    freetype2-devel-2.10.1-4.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:60111
    P
    Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:60899
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56822
    P
    Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:58130
    P
    Security update for python-Pillow (Important)
    2020-12-01
    oval:org.opensuse.security:def:60041
    P
    Security update for bash (Important)
    2020-12-01
    oval:org.opensuse.security:def:60672
    P
    Security update for python-PyKMIP (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56800
    P
    Security update for qemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:60718
    P
    Security update for python3-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:60978
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:58323
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:60552
    P
    sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56799
    P
    Security update for ucode-intel (Important)
    2020-12-01
    oval:org.opensuse.security:def:60790
    P
    Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)
    2020-12-01
    oval:org.opensuse.security:def:60937
    P
    Security update for galera-3, mariadb, mariadb-connector-c (Important)
    2020-12-01
    oval:org.opensuse.security:def:58204
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:60761
    P
    Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:57373
    P
    Security update for icedtea-web
    2020-12-01
    oval:org.opensuse.security:def:60815
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:58273
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57200
    P
    Security update for compat-openssl097g
    2020-12-01
    oval:org.opensuse.security:def:60634
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:60600
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:57645
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:61028
    P
    Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:58242
    P
    Security update for sssd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56962
    P
    Security update for freerdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:60711
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:58348
    P
    Security update for qemu (Moderate)
    2020-11-29
    oval:org.opensuse.security:def:84056
    P
    Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)
    2020-11-12
    oval:org.opensuse.security:def:84511
    P
    Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)
    2020-11-12
    BACK
    openstack nova *
    openstack nova *
    openstack nova 21.0.0