OSSA-2024-003: Unvalidated image data passed to qemu-img

Date:

September 04, 2024

CVE:

CVE-2024-44082

Affects

  • Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1

  • Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1

Description

Dan Smith and Julia Kreger of Red Hat and Jay Faulkner of G-Research noticed a vulnerability in image processing for Ironic, in which a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data.

Mitigation

The attached patches contain code allowing Ironic and the Ironic-Python-Agent (IPA) to pre-screen images before passing them to qemu-img. You should patch both of them because in some popular deployment configurations, it is possible for images to bypass the Ironic conductor for more efficient image downloads.

In situations where it is not possible to patch IPA, there is a new configuration option, [conductor]conductor_always_validates_images. When this option is True, all image downloads are forced to occur through the Ironic conductor, where they are validated. However, this may incur a significant performance hit; hence our recommendation to patch both Ironic and IPA.

Patches are available for both Ironic and IPA for all maintained branches, namely, the Dalmatian development branch (current master) through Antelope. For these branches, conductor_always_validates_images defaults to False.

For the unmaintained branches (Zed through Victoria), patches are not available for IPA due to a significant risk of regressions. For these branches, the Ironic patches set conductor_always_validates_images to True, as this is the only safe way to run Ironic with an un-patched IPA.

Cached images

Images in the Ironic image cache should be purged. To purge the cache, stop the Ironic conductor and remove the files in the [pxe]instance_master_path directory on that conductor node.

Supported image formats

A new configuration option, [conductor]permitted_image_formats controls what image formats will be accepted by Ironic. By default, the allowed formats are ‘raw’ and ‘qcow2’, which are the only formats that Ironic is tested with. In previous releases, it was possible to use images of other, unsupported formats with Ironic, but this is now blocked by default due to security issues arising from the image conversion process. It is possible, though not recommended, to expand the list of permitted formats. Alternatively, users requiring the use of an image in an unsupported format can convert the image offline into a supported format before uploading the image to Glance or otherwise making the image available to Ironic. Consult the Ironic documentation for details.

Warning

As is well-documented, the OpenStack Ironic project does not support the use of ironic-lib for non-Ironic use cases. In its normal supported context, ironic-lib assumes that images have been pre-screened before ironic-lib comes in contact with them. Thus, unsupported use of ironic-lib leaves you vulnerable to the exploit outlined in this OSSA.

The Ironic project intends eventually to explicitly remove the vulnerable methods in ironic-lib, but reminds the reader that independent use of ironic-lib is not supported.

Bugfix branches

Patches are available for maintained bugfix branches. These patches will be merged to the maintained branches, but no new releases will be triggered from those branches.

Patches

Credits

  • Dan Smith from Red Hat (CVE-2024-44082)

  • Jay Faulkner from G-Research (CVE-2024-44082)

  • Julia Kreger from Red Hat (CVE-2024-44082)

References

Notes

  • For more information about the unadvisability of calling ‘qemu-img info’ on untrusted images, see CVE-2024-04467.

  • The ironic unmaintained/* branches will receive no point releases, but patches for them are provided as a courtesy.

  • The ironic-python-agent unmaintained/* branches will receive no point releases, nor are patches for them available.

  • The ironic and ironic-python-agent bugfix/* branches will receive no point releases, but patches for them are provided as a courtesy.