Moderate severityNVD Advisory· Published Oct 31, 2014· Updated May 6, 2026
CVE-2014-8333
CVE-2014-8333
Description
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | < 12.0.0a0 | 12.0.0a0 |
Affected products
2Patches
2d71445c7d2d2VMWare: Fix VM leak when deletion of VM during resizing
2 files changed · +55 −0
nova/tests/virt/vmwareapi/test_driver_api.py+40 −0 modified@@ -1441,6 +1441,46 @@ def test_destroy_instance_without_compute(self): None, self.destroy_disks) self.assertFalse(mock_destroy.called) + def _destroy_instance_without_vm_ref(self, resize_exists=False, + task_state=None): + + def fake_vm_ref_from_name(session, vm_name): + if resize_exists: + return 'fake-ref' + + self._create_instance() + with contextlib.nested( + mock.patch.object(vm_util, 'get_vm_ref_from_name', + fake_vm_ref_from_name), + mock.patch.object(self.conn._session, + '_call_method'), + mock.patch.object(self.conn._vmops, + '_destroy_instance') + ) as (mock_get, mock_call, mock_destroy): + self.instance.task_state = task_state + self.conn.destroy(self.context, self.instance, + self.network_info, + None, True) + if resize_exists: + if task_state == task_states.RESIZE_REVERTING: + expected = 1 + else: + expected = 2 + else: + expected = 1 + self.assertEqual(expected, mock_destroy.call_count) + self.assertFalse(mock_call.called) + + def test_destroy_instance_without_vm_ref(self): + self._destroy_instance_without_vm_ref() + + def test_destroy_instance_without_vm_ref_with_resize(self): + self._destroy_instance_without_vm_ref(resize_exists=True) + + def test_destroy_instance_without_vm_ref_with_resize_revert(self): + self._destroy_instance_without_vm_ref(resize_exists=True, + task_state=task_states.RESIZE_REVERTING) + def _rescue(self, config_drive=False): def fake_attach_disk_to_vm(vm_ref, instance, adapter_type, disk_type, vmdk_path=None,
nova/virt/vmwareapi/vmops.py+15 −0 modified@@ -1129,6 +1129,21 @@ def destroy(self, instance, network_info, destroy_disks=True): self._destroy_instance(instance, network_info, destroy_disks=destroy_disks, instance_name=rescue_name) + # NOTE(arnaud): Destroy uuid-orig and uuid VMs iff it is not + # triggered by the revert resize api call. This prevents + # the uuid-orig VM to be deleted to be able to associate it later. + if instance['task_state'] != task_states.RESIZE_REVERTING: + # When VM deletion is triggered in middle of VM resize before VM + # arrive RESIZED state, uuid-orig VM need to deleted to avoid + # VM leak. Within method _destroy_instance it will check vmref + # exist or not before attempt deletion. + resize_orig_vmname = instance['uuid'] + self._migrate_suffix + vm_orig_ref = vm_util.get_vm_ref_from_name(self._session, + resize_orig_vmname) + if vm_orig_ref: + self._destroy_instance(instance, network_info, + destroy_disks=destroy_disks, + instance_name=resize_orig_vmname) self._destroy_instance(instance, network_info, destroy_disks=destroy_disks) LOG.debug(_("Instance destroyed"), instance=instance)
e1f8664c9fa8VMWare: Fix VM leak when deletion of VM during resizing
2 files changed · +20 −2
nova/tests/virt/vmwareapi/test_driver_api.py+9 −2 modified@@ -1482,8 +1482,15 @@ def test_destroy_instance_without_vm_ref(self): self.conn.destroy(self.context, self.instance, self.network_info, None, True) - mock_get.assert_called_once_with(self.conn._vmops._session, - self.instance['uuid']) + mock_get.assert_called_with(self.conn._vmops._session, + self.instance['uuid']) + expected_args = [((self.conn._vmops._session, + self.instance['uuid'] + '-orig'),), + ((self.conn._vmops._session, + self.instance['uuid']),)] + # one for VM named uuid-orig, one for VM named uuid + self.assertEqual(expected_args, mock_get.call_args_list) + self.assertEqual(2, mock_get.call_count) self.assertFalse(mock_call.called) def _rescue(self, config_drive=False):
nova/virt/vmwareapi/vmops.py+11 −0 modified@@ -839,6 +839,17 @@ def destroy(self, instance, destroy_disks=True): self._destroy_instance(instance, destroy_disks=destroy_disks, instance_name=rescue_name) + # When VM deletion is triggered in middle of VM resize before VM + # arrive RESIZED state, uuid-orig VM need to deleted to avoid + # VM leak. Within method _destroy_instance it will check vmref + # exist or not before attempt deletion. + resize_orig_vmname = instance['uuid'] + self._migrate_suffix + vm_orig_ref = vm_util.get_vm_ref_from_name(self._session, + resize_orig_vmname) + if vm_orig_ref: + self._destroy_instance(instance, + destroy_disks=destroy_disks, + instance_name=resize_orig_vmname) self._destroy_instance(instance, destroy_disks=destroy_disks) LOG.debug("Instance destroyed", instance=instance)
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- lists.openstack.org/pipermail/openstack-announce/2014-October/000298.htmlnvdPatchVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2015-0843.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2015-0844.htmlnvdThird Party AdvisoryWEB
- secunia.com/advisories/60531nvdPermissions RequiredThird Party AdvisoryWEB
- bugs.launchpad.net/nova/+bug/1359138nvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-g63p-mfcm-54c4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-8333ghsaADVISORY
- github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2ghsaWEB
- github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954cghsaWEB
News mentions
0No linked articles in our index yet.