{"id":"USN-6911-1","summary":"nova vulnerability","details":"Arnaud Morin discovered that Nova incorrectly handled certain raw format\nimages. An authenticated user could use this issue to access arbitrary\nfiles on the server, possibly exposing sensitive information.\n","modified":"2026-02-10T04:44:41Z","published":"2024-07-23T16:41:30Z","related":["UBUNTU-CVE-2024-40767"],"upstream":["CVE-2024-40767","UBUNTU-CVE-2024-40767"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6911-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-40767"}],"affected":[{"package":{"name":"nova","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/nova@2:21.2.4-0ubuntu2.11?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:21.2.4-0ubuntu2.11"}]}],"versions":["2:20.0.0-0ubuntu1","2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu2","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu4","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu5","2:21.0.0~b3~git2020041013.57ff308d6d-0ubuntu2","2:21.0.0-0ubuntu0.20.04.1","2:21.0.0-0ubuntu0.20.04.2","2:21.1.0-0ubuntu1","2:21.1.1-0ubuntu2","2:21.1.2-0ubuntu1","2:21.2.0-0ubuntu1","2:21.2.1-0ubuntu1","2:21.2.2-0ubuntu1","2:21.2.3-0ubuntu1","2:21.2.4-0ubuntu1","2:21.2.4-0ubuntu2","2:21.2.4-0ubuntu2.1","2:21.2.4-0ubuntu2.2","2:21.2.4-0ubuntu2.3","2:21.2.4-0ubuntu2.4","2:21.2.4-0ubuntu2.5","2:21.2.4-0ubuntu2.6","2:21.2.4-0ubuntu2.8"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"nova-ajax-console-proxy","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-api","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-api-metadata","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-api-os-compute","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-api-os-volume","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-cells","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-common","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-kvm","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-libvirt","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-lxc","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-qemu","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-vmware","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-compute-xen","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-conductor","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-novncproxy","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-scheduler","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-serialproxy","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-spiceproxy","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"nova-volume","binary_version":"2:21.2.4-0ubuntu2.11"},{"binary_name":"python3-nova","binary_version":"2:21.2.4-0ubuntu2.11"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6911-1.json","cves_map":{"cves":[{"id":"CVE-2024-40767","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"nova","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/nova@3:25.2.1-0ubuntu2.6?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:25.2.1-0ubuntu2.6"}]}],"versions":["3:24.0.0-0ubuntu1","3:24.0.0+git2022030310.3f274c65cc-0ubuntu2","3:25.0.0-0ubuntu1","3:25.0.0-0ubuntu1.1","3:25.0.1-0ubuntu1","3:25.1.0-0ubuntu1","3:25.1.0-0ubuntu2","3:25.1.0-0ubuntu2.1","3:25.1.0-0ubuntu2.2","3:25.1.1-0ubuntu1","3:25.1.1-0ubuntu1.1","3:25.2.0-0ubuntu1","3:25.2.1-0ubuntu1","3:25.2.1-0ubuntu2","3:25.2.1-0ubuntu2.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"nova-ajax-console-proxy","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-api","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-api-metadata","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-api-os-compute","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-api-os-volume","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-cells","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-common","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-ironic","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-kvm","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-libvirt","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-lxc","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-qemu","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-vmware","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-compute-xen","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-conductor","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-novncproxy","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-scheduler","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-serialproxy","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-spiceproxy","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"nova-volume","binary_version":"3:25.2.1-0ubuntu2.6"},{"binary_name":"python3-nova","binary_version":"3:25.2.1-0ubuntu2.6"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6911-1.json","cves_map":{"cves":[{"id":"CVE-2024-40767","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"nova","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/nova@3:29.0.1-0ubuntu1.4?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:29.0.1-0ubuntu1.4"}]}],"versions":["3:28.0.0-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu2","3:29.0.0~rc1-0ubuntu2","3:29.0.1-0ubuntu1","3:29.0.1-0ubuntu1.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"nova-ajax-console-proxy","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-api","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-api-metadata","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-api-os-compute","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-api-os-volume","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-cells","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-common","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-ironic","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-kvm","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-libvirt","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-lxc","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-qemu","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-vmware","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-compute-xen","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-conductor","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-novncproxy","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-scheduler","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-serialproxy","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-spiceproxy","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"nova-volume","binary_version":"3:29.0.1-0ubuntu1.4"},{"binary_name":"python3-nova","binary_version":"3:29.0.1-0ubuntu1.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6911-1.json","cves_map":{"cves":[{"id":"CVE-2024-40767","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}