CVE-2017-7543: OpenStack Neutron Race Condition vulnerability
CVSS Score: 5.9 (CVSS 3.0)
Basic Information
CVE ID: CVE-2017-7543
GHSA ID
EPSS Score: 0.62333%
CWE
Published: 5/13/2022
Updated: 2/8/2023
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
neutron | pip | < 7.2.0-12.1 | 7.2.0-12.1 |
neutron | pip | >= 8.0.0, < 8.3.0-11.1 | 8.3.0-11.1 |
neutron | pip | >= 9.0.0, < 9.3.1-2.1 | 9.3.1-2.1 |
neutron | pip | >= 10.0.0, < 10.0.2-1.1 | 10.0.2-1.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from a race condition in which the sysctl settings for `bridge-nf-call-iptables` were reset during updates. The patch adds an `ExecStartPre` directive to `neutron-ovs-cleanup.service` to ensure these settings are reapplied. The absence of this step in vulnerable versions indicates that the `neutron-ovs-cleanup` script execution (or lack thereof) is directly tied to the vulnerability. This script would appear in runtime profiles during service initialization.
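
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the Neutron patch: it reads the bridge netfilter sysctls and reports any that are not set to 1. The `/proc/sys/net/bridge` path, the inclusion of the sibling `bridge-nf-call-ip6tables` key, and the function name `check_bridge_nf` are assumptions of this example, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not Neutron code): audit the bridge netfilter sysctls that
# the root cause analysis says were reset during updates.

# check_bridge_nf [DIR]
#   DIR defaults to /proc/sys/net/bridge (assumed location of the live keys).
#   Returns 0 when every key is 1,
#           1 when any key holds another value (bridged traffic skips iptables),
#           2 when no key is wrong but one is missing (br_netfilter not loaded).
check_bridge_nf() {
    dir="${1:-/proc/sys/net/bridge}"
    status=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        file="$dir/$key"
        if [ ! -r "$file" ]; then
            echo "MISSING $key (is br_netfilter loaded?)"
            if [ "$status" -eq 0 ]; then status=2; fi
            continue
        fi
        value=$(tr -d '[:space:]' < "$file")
        if [ "$value" = "1" ]; then
            echo "OK      $key=1"
        else
            echo "RESET   $key=$value"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: a copy of the sysctl directory in the post-update state,
# with one key reset to 0.
sample=$(mktemp -d)
echo 0 > "$sample/bridge-nf-call-iptables"
echo 1 > "$sample/bridge-nf-call-ip6tables"
check_bridge_nf "$sample" || echo "exit status $?: bridged traffic is not passed to iptables"
rm -rf "$sample"
```

Run with no argument on a compute or network node to audit the live values, for example after each package update.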