A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option (for example, VRRP), an authenticated user could block further application of security group rules for instances from any project or tenant on the compute hosts to which it’s applied. Only OpenStack deployments that use the iptables security group driver are affected.