Nova could be made to destroy data.
Software Description:
- nova: OpenStack Compute cloud infrastructure
Details:
Dan Smith discovered that Nova incorrectly called qemu-img without a format
restriction when resizing disks. An attacker could possibly use this issue
to destroy data on the host system.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nova-common 3:32.0.0-0ubuntu1.1 python3-nova 3:32.0.0-0ubuntu1.1 Ubuntu 24.04 LTS nova-common 3:29.2.0-0ubuntu1.3 python3-nova 3:29.2.0-0ubuntu1.3 Ubuntu 22.04 LTS nova-common 3:25.2.1-0ubuntu2.10 python3-nova 3:25.2.1-0ubuntu2.10 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8049-1
CVE-2026-24708
Get the latest Linux and open source security news straight to your inbox.