{"id":"PYSEC-2026-882","summary":"OpenStack Nova Changing vnic_type breaks compute service restart","details":"An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.","aliases":["CVE-2022-37394","GHSA-v725-c588-h936"],"modified":"2026-07-07T11:45:15.739964357Z","published":"2026-07-06T08:03:31.644390Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511"},{"type":"WEB","url":"https://bugs.launchpad.net/ossa/+bug/1981813"},{"type":"PACKAGE","url":"https://github.com/openstack/nova"},{"type":"WEB","url":"https://review.opendev.org/c/openstack/nova/+/849985"},{"type":"WEB","url":"https://review.opendev.org/c/openstack/nova/+/850003"},{"type":"PACKAGE","url":"https://pypi.org/project/nova"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-v725-c588-h936"}],"affected":[{"package":{"name":"nova","ecosystem":"PyPI","purl":"pkg:pypi/nova"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.2.2"},{"introduced":"24.0.0"},{"fixed":"24.1.2"},{"introduced":"25.0.0"},{"fixed":"25.0.2"}]}],"versions":["15.1.5","16.1.6","16.1.7","16.1.8","17.0.10","17.0.11","17.0.12","17.0.13","17.0.7","17.0.8","17.0.9","18.0.2","18.0.3","18.1.0","18.2.0","18.2.1","18.2.2","18.2.3","18.3.0","19.0.0","19.0.0.0rc1","19.0.0.0rc2","19.0.1","19.0.2","19.0.3","19.1.0","19.2.0","19.3.0","19.3.1","19.3.2","20.0.0","20.0.0.0rc1","20.0.0.0rc2","20.0.1","20.1.0","20.1.1","20.2.0","20.3.0","20.4.0","20.4.1","20.5.0","20.6.0","20.6.1","21.0.0","21.0.0.0rc1","21.0.0.0rc2","21.1.0","21.1.1","21.1.2","21.2.0","21.2.1","21.2.2","21.2.3","21.2.4","22.0.0","22.0.0.0rc1","22.0.1","22.1.0","22.2.0","22.2.1","22.2.2","22.3.0","22.4.0","23.0.0","23.0.0.0rc1","23.0.0.0rc2","23.0.1","23.0.2","23.1.0","23.2.0","23.2.1","24.0.0","24.1.0","24.1.1","25.0.0","25.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-882.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}