CVE-2024-40767

2024-07-2300:00:00

ubuntu.com

incomplete file access fix

qcow2

vmdk

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by
supplying a raw format image that is actually a crafted QCOW2 image with a
backing file path or VMDK flat image with a descriptor file path, an
authenticated user may convince systems to return a copy of the referenced
file’s contents from the server, resulting in unauthorized access to
potentially sensitive data. All Nova deployments are affected. NOTE: this
issue exists because of an incomplete fix for CVE-2022-47951 and
CVE-2024-32498.

Bugs

<https://launchpad.net/bugs/2071734 (upstream bug)>

Notes

Author	Note
mdeslaur	incomplete fix for OSSA-2024-001

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnova< anyUNKNOWN
ubuntu20.04noarchnova< 2:21.2.4-0ubuntu2.11UNKNOWN
ubuntu22.04noarchnova< 3:25.2.1-0ubuntu2.6UNKNOWN
ubuntu24.04noarchnova< 3:29.0.1-0ubuntu1.4UNKNOWN
ubuntu16.04noarchnova< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	nova	< any	UNKNOWN
ubuntu	20.04	noarch	nova	< 2:21.2.4-0ubuntu2.11	UNKNOWN
ubuntu	22.04	noarch	nova	< 3:25.2.1-0ubuntu2.6	UNKNOWN
ubuntu	24.04	noarch	nova	< 3:29.0.1-0ubuntu1.4	UNKNOWN
ubuntu	16.04	noarch	nova	< any	UNKNOWN