{"id":"USN-8049-1","summary":"nova vulnerability","details":"Dan Smith discovered that Nova incorrectly called qemu-img without a format\nrestriction when resizing disks. An attacker could possibly use this issue\nto destroy data on the host system.","modified":"2026-04-27T18:38:41.263890Z","published":"2026-02-17T16:40:32Z","related":["UBUNTU-CVE-2026-24708"],"upstream":["CVE-2026-24708","UBUNTU-CVE-2026-24708"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8049-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-24708"}],"affected":[{"package":{"name":"nova","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/nova@3:25.2.1-0ubuntu2.10?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:25.2.1-0ubuntu2.10"}]}],"versions":["3:24.0.0-0ubuntu1","3:24.0.0+git2022030310.3f274c65cc-0ubuntu2","3:25.0.0-0ubuntu1","3:25.0.0-0ubuntu1.1","3:25.0.1-0ubuntu1","3:25.1.0-0ubuntu1","3:25.1.0-0ubuntu2","3:25.1.0-0ubuntu2.1","3:25.1.0-0ubuntu2.2","3:25.1.1-0ubuntu1","3:25.1.1-0ubuntu1.1","3:25.2.0-0ubuntu1","3:25.2.1-0ubuntu1","3:25.2.1-0ubuntu2","3:25.2.1-0ubuntu2.3","3:25.2.1-0ubuntu2.6","3:25.2.1-0ubuntu2.7","3:25.2.1-0ubuntu2.8","3:25.2.1-0ubuntu2.9"],"ecosystem_specific":{"binaries":[{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-api"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-api-metadata"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-api-os-compute"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-api-os-volume"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-cells"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-common"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-ironic"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-kvm"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-libvirt"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-lxc"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-qemu"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-vmware"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-compute-xen"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-conductor"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-novncproxy"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-scheduler"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-serialproxy"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-spiceproxy"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"nova-volume"},{"binary_version":"3:25.2.1-0ubuntu2.10","binary_name":"python3-nova"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2026-24708","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8049-1.json"}},{"package":{"name":"nova","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/nova@3:29.2.0-0ubuntu1.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:29.2.0-0ubuntu1.3"}]}],"versions":["3:28.0.0-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu2","3:29.0.0~rc1-0ubuntu2","3:29.0.1-0ubuntu1","3:29.0.1-0ubuntu1.3","3:29.0.1-0ubuntu1.4","3:29.2.0-0ubuntu1","3:29.2.0-0ubuntu1.1","3:29.2.0-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-api"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-api-metadata"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-api-os-compute"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-api-os-volume"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-cells"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-common"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-ironic"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-kvm"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-libvirt"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-lxc"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-qemu"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-vmware"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-compute-xen"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-conductor"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-novncproxy"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-scheduler"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-serialproxy"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-spiceproxy"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"nova-volume"},{"binary_version":"3:29.2.0-0ubuntu1.3","binary_name":"python3-nova"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2026-24708","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8049-1.json"}},{"package":{"name":"nova","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/nova@3:32.0.0-0ubuntu1.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:32.0.0-0ubuntu1.1"}]}],"versions":["3:31.0.0-0ubuntu1","3:31.0.0+git2025070714.1c03429337-0ubuntu1","3:31.0.0+git2025070714.1c03429337-0ubuntu2","3:32.0.0~rc1-0ubuntu1","3:32.0.0-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-api"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-api-metadata"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-api-os-compute"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-api-os-volume"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-cells"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-common"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-ironic"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-kvm"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-libvirt"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-lxc"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-qemu"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-vmware"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-compute-xen"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-conductor"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-novncproxy"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-scheduler"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-serialproxy"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-spiceproxy"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"nova-volume"},{"binary_version":"3:32.0.0-0ubuntu1.1","binary_name":"python3-nova"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2026-24708","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8049-1.json"}}],"schema_version":"1.7.5"}