CVE-2026-24708
Summary
| CVE | CVE-2026-24708 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-02-18 18:24:33 UTC |
| Updated | 2026-06-30 03:17:38 UTC |
| Description | An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
Risk And Classification
Primary CVSS: v3.1 7.1 HIGH from ADP
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.003410000 probability, percentile 0.260650000 (date 2026-07-01)
Problem Types: CWE-669 Incorrect Resource Transfer Between Spheres | CWE-73 External Control of File Name or Path
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| 3.1 | [email protected] | Secondary | 8.2 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| 3.1 | CNA | DECLARED | 8.2 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | High |
| Availability | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | OpenStack | Nova | affected: versions before 30.2.2 (semver) | Not specified |
| CNA | OpenStack | Nova | affected: 31.0.0 up to, but not including, 31.2.1 (semver) | Not specified |
| CNA | OpenStack | Nova | affected: 32.0.0 up to, but not including, 32.1.1 (semver) | Not specified |
| ADP | Red Hat | Red Hat OpenStack Services On OpenShift 18.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 13 Queens | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 16.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 17.1 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 18.0 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2026:7884 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| bugs.launchpad.net/nova/+bug/2137507 | [email protected] | bugs.launchpad.net | |
| access.redhat.com/security/cve/CVE-2026-24708 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| www.openwall.com/lists/oss-security/2026/02/17/7 | [email protected] | www.openwall.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24708.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| lists.debian.org/debian-lts-announce/2026/02/msg00025.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-01-16T06:29:23.249Z | Reported to Red Hat. |
| ADP | 2026-02-17T15:00:00.000Z | Made public. |
Solutions
ADP: RHSA-2026:7884: Red Hat OpenStack Services on OpenShift 18.0
Workarounds
ADP: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
There are currently no legacy QID mappings associated with this CVE.