CVE-2026-24708
📋 TL;DR
This vulnerability in OpenStack Nova allows an authenticated user to trigger an unsafe image resize operation by writing a malicious QCOW header to a root or ephemeral disk, which can destroy data on the host system. Only compute nodes using the Flat image backend (typically configured with use_cow_images=False) are affected.
💻 Affected Systems
- OpenStack Nova
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete data destruction on the host system, potentially affecting multiple virtual machines and causing service disruption.
Likely Case
Targeted data corruption or destruction on specific compute nodes, leading to VM downtime and data loss.
If Mitigated
Limited impact with proper access controls and monitoring in place, potentially only affecting isolated resources.
🎯 Exploit Status
Requires authenticated user access and specific configuration (Flat image backend)
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Nova 30.2.2, 31.2.1, or 32.1.1
Vendor Advisory: https://bugs.launchpad.net/nova/+bug/2137507
Restart Required: Yes
Instructions:
1. Upgrade Nova to version 30.2.2, 31.2.1, or 32.1.1, depending on the series you currently run.
2. Restart the Nova services.
3. Verify that the fix is applied.
🔧 Temporary Workarounds
Disable Flat image backend
Switch from the Flat image backend to another backend if possible (Linux):
# Modify nova.conf to use a different image backend
# Set use_cow_images=True if switching from the Flat backend
Restrict user permissions
Limit which users can trigger image resize operations (all platforms):
# Review and tighten Nova user roles and permissions
# Implement least-privilege access controls
🧯 If You Can't Patch
- Implement strict access controls to limit who can trigger image resize operations
- Monitor for suspicious image resize activities and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check the Nova version and whether the compute node uses the Flat image backend (use_cow_images=False).
Check Version:
nova-manage version
Verify Fix Applied:
Verify Nova version is 30.2.2, 31.2.1, or 32.1.1 or later
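An added check, not part of this advisory or of Nova itself, that combines the two verification steps above: it reads a nova.conf fragment to decide whether the Flat backend is in use and compares the `nova-manage version` output against the fixed release of its series. It assumes that `[libvirt]images_type` (default or flat) selects the backend, that the default backend with use_cow_images=False is Flat, and that series newer than 32 already carry the fix.

```python
"""Check whether a Nova compute node matches the vulnerable configuration."""
import configparser
import re

# Fixed releases from the advisory, keyed by major series.
FIXED_VERSIONS = {30: (30, 2, 2), 31: (31, 2, 1), 32: (32, 1, 1)}


def parse_version(version_string):
    """Turn '31.2.1' (or '31.2.1.dev3') into a comparable tuple of ints."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if not match:
        raise ValueError(f"unrecognised nova version: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_fixed_version(version_string):
    """True when the version is at or past the fixed release of its series.
    Assumption: series newer than 32 are treated as fixed, older than 30 as not."""
    version = parse_version(version_string)
    major = version[0]
    if major in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[major]
    return major > 32


def uses_flat_backend(conf_text):
    """True when nova.conf selects the Flat image backend.
    Assumption: [libvirt]images_type picks the backend explicitly; with the
    default backend, use_cow_images=False means Flat (True means qcow2)."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    images_type = conf.get("libvirt", "images_type", fallback="default").lower()
    if images_type != "default":
        return images_type == "flat"
    return not conf.getboolean("DEFAULT", "use_cow_images", fallback=True)


def is_vulnerable(version_string, conf_text):
    """Affected only when the Flat backend is in use AND the version predates the fix."""
    return uses_flat_backend(conf_text) and not is_fixed_version(version_string)


# Constructed nova.conf fragments for demonstration, not from a real deployment.
FLAT_CONF = "[DEFAULT]\nuse_cow_images = False\n[libvirt]\nimages_type = default\n"
COW_CONF = "[DEFAULT]\nuse_cow_images = True\n"

if __name__ == "__main__":
    for label, ver, conf in [("flat/31.1.0", "31.1.0", FLAT_CONF),
                             ("flat/31.2.1", "31.2.1", FLAT_CONF),
                             ("cow/30.0.0", "30.0.0", COW_CONF)]:
        print(label, "vulnerable" if is_vulnerable(ver, conf) else "not vulnerable")
```

On a real node, feed the function the output of `nova-manage version` and the contents of nova.conf instead of the constructed fragments.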
📡 Detection & Monitoring
Log Indicators:
- Unusual qemu-img resize operations
- Multiple image resize attempts from single user
- Failed resize operations with QCOW headers
Network Indicators:
- Increased API calls to image resize endpoints
SIEM Query:
source="nova" AND ("resize" OR "qemu-img") AND status="error"