SB2025072513 - Improper check for unusual or exceptional conditions in OpenStack Neutron
Published: July 25, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-53916)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because neutron/extensions/tagging.py can use an incorrect ID during policy enforcement, so the proper policy check is not applied when network tags are changed. A remote attacker can change (add and clear) tags on network objects that do not belong to the attacker, without this action being subjected to the proper policy authorization check.
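The class of flaw described above, as an added example that is not Neutron's code and is not taken from the vendor advisory: a tag handler that builds its policy target from the wrong ID next to one that enforces against the parent object's real owner. Every name here (Context, Network, enforce_admin_or_owner, update_tags_weak, update_tags_checked) is hypothetical, and the way the wrong ID lets the check pass is an assumption, since the bulletin does not describe it.

```python
# Illustrative model only: not Neutron code. All names are hypothetical.
from dataclasses import dataclass, field


class PolicyNotAuthorized(Exception):
    """Raised when the caller fails the owner check."""


@dataclass
class Context:
    project_id: str
    is_admin: bool = False


@dataclass
class Network:
    id: str
    project_id: str
    tags: set = field(default_factory=set)


# Constructed sample data: one network owned by project "A".
NETWORKS = {"net-1": Network(id="net-1", project_id="A")}


def enforce_admin_or_owner(ctx, target):
    """Allow admins, or callers whose project owns the target."""
    if ctx.is_admin or target.get("project_id") == ctx.project_id:
        return
    raise PolicyNotAuthorized(
        f"project {ctx.project_id} may not modify {target.get('id')}")


def update_tags_weak(ctx, network_id, tags):
    # Assumed flaw: the target is built from the caller's own ID, so the
    # owner check compares the caller with itself and always passes.
    target = {"id": network_id, "project_id": ctx.project_id}
    enforce_admin_or_owner(ctx, target)
    NETWORKS[network_id].tags = set(tags)
    return NETWORKS[network_id].tags


def update_tags_checked(ctx, network_id, tags):
    # Load the parent object first and enforce against its real owner.
    net = NETWORKS[network_id]
    enforce_admin_or_owner(ctx, {"id": net.id, "project_id": net.project_id})
    net.tags = set(tags)
    return net.tags
```

A regression test for this kind of bug should call every tag operation (add, replace, clear) as a non-owner, non-admin project and assert that the request is rejected and the stored tags are unchanged.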
Remediation
Install the update from the vendor's website.
References
- http://www.openwall.com/lists/oss-security/2024/12/03/1
- https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232
- https://review.opendev.org/c/openstack/neutron/+/935883
- https://review.opendev.org/q/project:openstack/neutron
- https://security.openstack.org/ossa/OSSA-2024-005.html