CVE-2024-40767

Name	CVE-2024-40767
Description	In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nova (PTS)	bullseye	2:22.0.1-2+deb11u1	fixed
	bullseye (security)	2:22.4.0-1~deb11u5	fixed
	bookworm, bookworm (security)	2:26.2.2-1~deb12u3	fixed
	trixie, sid	2:29.0.2-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
nova	source	(unstable)	(not affected)

- nova <not-affected> (Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete)