Patched OpenStack Security Bug

  • Tuesday, 25th August, 2020
  • 12:30pm

We're writing to update you on the recently disclosed CVE-2020-17376. This is an OpenStack bug which can result in instances attaching the wrong device, after a soft reboot, if they have been live migrated.

As a VEXXHOST public cloud user, you have nothing to worry about and can rest assured that the bug does not affect you. Our clouds are deployed using Ceph as a storage backend which is not affected by CVE-2020-17376. In addition, although this bug does impact potential PCI passthrough devices, we do not do any live migrations for systems with PCI passthrough, such as GPU instances. Regardless, we've already patched this.

It is our pleasure to keep your environments secure and inform you that there is no further action required on your end. Please do not hesitate to contact our support team if you have any concerns or questions about the changes.

« Back