I'm assuming you switched this from public to public security because you feel there is a significant risk this bug could be leveraged by a malicious user to create a denial of service for systems in other tenants. Can you describe an exploit scenario wherein this is leveraged as a vulnerability impacting more tenants than the one to which the initiating user has access?
** Also affects: ossa Importance: Undecided Status: New ** Changed in: ossa Status: New => Incomplete -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1475058 Title: Host and device info need to get migrated to the VM host paired port that is found on the FIP table Status in neutron: New Status in OpenStack Security Advisory: Incomplete Bug description: When an unbound port gets associated with an FIP entry in DVR environment, this port needs to be identified as a DVR service port in order for DVR schedulers to know it is serviceable by DVR routers. If a FIP port is paired with a VM hosted port, which falls into the unbound port case, its host and device info needs to get updated. Once the paired port's host and device info get updated, it is tagged as a DVR service port. There are use cases the tenant will use the unbound port in DVR environment such as "VRRP". Without this fix, there is a chance that FIP agent gateway port will get deleted on the DVR host as the system would think there is no DVR service port presented, because this port is not tagged as DVR serviceable. This would happen when a port is disassociated from floating IP entry. At that point, system performs the check if FIP agent gateway port is DVR serviceable on the host based on the device owner type. If it is not, the port get deleted. However, in reality, this port should not get deleted. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1475058/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp