CVE-2014-8750

NameCVE-2014-8750
DescriptionRace condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)bullseye2:22.0.1-2+deb11u1fixed
bullseye (security)2:22.4.0-1~deb11u7fixed
bookworm2:26.2.2-1~deb12u3fixed
bookworm (security)2:26.2.2-1~deb12u4fixed
trixie2:31.0.0-6+deb13u1fixed
trixie (security)2:31.0.0-6+deb13u2fixed
forky, sid2:32.1.0-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasource(unstable)(not affected)

Notes

- nova <not-affected> (ESX driver not enabled in libvirt)
https://launchpad.net/bugs/1357372
Search for package or bug name: Reporting problems