oss-sec mailing list archives
Re: [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708)
From: Jeremy Stanley <fungi () yuggoth org>
Date: Tue, 17 Feb 2026 16:43:14 +0000
On 2026-02-17 17:10:27 +0100 (+0100), Salvatore Bonaccorso wrote:
[...]
> Just a small heads-up: The title mentions CVE-2026-24708, but the mail body once CVE-2026-24708 and refers to CVE-2026-24709. My understanding is that CVE-2026-24708 should be the correct one as this was the CVE originally mentioned. Jeremy, can you confirm: CVE-2026-2470*8* is the one to use?
Thanks for catching that! It slipped through code review, we should probably redesign our metadata to not need repetition of the CVE ID.
You are correct, CVE-2026-24708 is the identifier MITRE assigned. I'll issue errata shortly revising the publication accordingly. Thanks again!
--
Jeremy Stanley
OpenStack Vulnerability Management Team
https://security.openstack.org/vmt.html
