{"id":"USN-8434-1","summary":"nova vulnerability","details":"It was discovered that Nova did not strip internal _nova-prefixed\nscheduler hints supplied by users on instance creation. An attacker could\npossibly use this issue to bypass Placement resource claims and\nscheduling constraint enforcement.","modified":"2026-06-17T11:14:13.472989667Z","published":"2026-06-16T14:45:58Z","related":["UBUNTU-CVE-2026-46448"],"upstream":["CVE-2026-46448","UBUNTU-CVE-2026-46448"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8434-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-46448"}],"affected":[{"package":{"name":"nova","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/nova?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:25.2.1-0ubuntu2.11"}]}],"versions":["3:24.0.0-0ubuntu1","3:24.0.0+git2022030310.3f274c65cc-0ubuntu2","3:25.0.0-0ubuntu1","3:25.0.0-0ubuntu1.1","3:25.0.1-0ubuntu1","3:25.1.0-0ubuntu1","3:25.1.0-0ubuntu2","3:25.1.0-0ubuntu2.1","3:25.1.0-0ubuntu2.2","3:25.1.1-0ubuntu1","3:25.1.1-0ubuntu1.1","3:25.2.0-0ubuntu1","3:25.2.1-0ubuntu1","3:25.2.1-0ubuntu2","3:25.2.1-0ubuntu2.3","3:25.2.1-0ubuntu2.6","3:25.2.1-0ubuntu2.7","3:25.2.1-0ubuntu2.8","3:25.2.1-0ubuntu2.9","3:25.2.1-0ubuntu2.10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-api"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-api-metadata"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-api-os-compute"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-api-os-volume"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-cells"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-common"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-ironic"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-kvm"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-libvirt"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-lxc"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-qemu"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-vmware"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-compute-xen"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-conductor"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-novncproxy"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-scheduler"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-serialproxy"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-spiceproxy"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"nova-volume"},{"binary_version":"3:25.2.1-0ubuntu2.11","binary_name":"python3-nova"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8434-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-46448"}]}}},{"package":{"name":"nova","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/nova?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:29.2.0-0ubuntu1.7"}]}],"versions":["3:28.0.0-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu1","3:28.0.1+git2024011916.087c372a-0ubuntu2","3:29.0.0~rc1-0ubuntu2","3:29.0.1-0ubuntu1","3:29.0.1-0ubuntu1.3","3:29.0.1-0ubuntu1.4","3:29.2.0-0ubuntu1","3:29.2.0-0ubuntu1.1","3:29.2.0-0ubuntu1.2","3:29.2.0-0ubuntu1.3","3:29.2.0-0ubuntu1.4","3:29.2.0-0ubuntu1.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-api"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-api-metadata"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-api-os-compute"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-api-os-volume"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-cells"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-common"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-ironic"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-kvm"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-libvirt"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-lxc"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-qemu"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-vmware"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-compute-xen"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-conductor"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-novncproxy"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-scheduler"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-serialproxy"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-spiceproxy"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"nova-volume"},{"binary_version":"3:29.2.0-0ubuntu1.7","binary_name":"python3-nova"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8434-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-46448"}]}}},{"package":{"name":"nova","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/nova?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:32.0.0-0ubuntu1.3"}]}],"versions":["3:31.0.0-0ubuntu1","3:31.0.0+git2025070714.1c03429337-0ubuntu1","3:31.0.0+git2025070714.1c03429337-0ubuntu2","3:32.0.0~rc1-0ubuntu1","3:32.0.0-0ubuntu1","3:32.0.0-0ubuntu1.1","3:32.0.0-0ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-api"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-api-metadata"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-api-os-compute"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-api-os-volume"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-cells"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-common"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-ironic"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-kvm"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-libvirt"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-lxc"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-qemu"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-vmware"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-compute-xen"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-conductor"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-novncproxy"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-scheduler"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-serialproxy"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-spiceproxy"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"nova-volume"},{"binary_version":"3:32.0.0-0ubuntu1.3","binary_name":"python3-nova"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8434-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-46448"}]}}},{"package":{"name":"nova","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/nova?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:33.0.0-0ubuntu3.1"}]}],"versions":["3:32.0.0-0ubuntu1","3:32.0.0+git20260128.59a7093-0ubuntu1","3:33.0.0~rc1-0ubuntu1","3:33.0.0-0ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-ajax-console-proxy"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-api"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-api-metadata"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-api-os-compute"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-api-os-volume"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-cells"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-common"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-ironic"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-kvm"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-libvirt"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-lxc"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-qemu"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-vmware"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-compute-xen"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-conductor"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-novncproxy"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-scheduler"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-serialproxy"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-spiceproxy"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"nova-volume"},{"binary_version":"3:33.0.0-0ubuntu3.1","binary_name":"python3-nova"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8434-1.json","cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-46448"}]}}}],"schema_version":"1.7.5"}