CVE-2014-8333 — OpenStack Nova VMware instance leak potentially leading to compute DoS

Description

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

How to fix CVE-2014-8333

To remediate CVE-2014-8333, upgrade the affected package to a fixed version below.

Debian/nova—upgrade to 2014.1.3-7 or later
PyPI/nova—upgrade to 12.0.0a0 or later

Is CVE-2014-8333 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2014.1.3-7
from 0, < 12.0.0a0

References (10)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-8333
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-8333
PATCHgithub.com/openstack/nova
WEBlists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
WEB