Low severityNVD Advisory· Published Oct 27, 2015· Updated Jun 17, 2026
CVE-2015-5240
CVE-2015-5240
Description
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
neutronPyPI | < 7.0.0 | 7.0.0 |
Affected products
10- ghsa-coords7 versionspkg:pypi/neutronpkg:rpm/suse/crowbar-barclamp-neutron&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-neutron&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-nova&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205pkg:rpm/suse/python-python-memcached&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205
< 7.0.0+ 6 more
- (no CPE)range: < 7.0.0
- (no CPE)range: < 1.9+git.1443859419.95e948a-12.2
- (no CPE)range: < 2014.2.4~a0~dev103-10.3
- (no CPE)range: < 2014.2.4~a0~dev103-16.2
- (no CPE)range: < 2014.2.4~a0~dev103-16.4
- (no CPE)range: < 2014.2.4~a0~dev80-14.1
- (no CPE)range: < 1.54-2.1
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-hhpj-6pj7-wpx5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5240ghsaADVISORY
- security.openstack.org/ossa/OSSA-2015-018.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2015-1909.htmlnvdWEB
- www.openwall.com/lists/oss-security/2015/09/08/9nvdWEB
- access.redhat.com/errata/RHSA-2015:1909ghsaWEB
- access.redhat.com/security/cve/CVE-2015-5240ghsaWEB
- bugs.launchpad.net/neutron/+bug/1489111nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38ghsaWEB
- github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2ghsaWEB
- github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8eghsaWEB
News mentions
0No linked articles in our index yet.