Headline
Red Hat Security Advisory 2022-4787-01
Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.15 security update
Advisory ID: RHSA-2022:4787-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4787
Issue date: 2022-05-27
CVE Names: CVE-2021-3839 CVE-2022-0669
=====================================================================
- Summary:
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
openvswitch2.15: DPDK: Out-of-bounds read/write in
vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could
lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.15 are advised to upgrade to these updated packages,
which fix these bugs.
- Bugs fixed (https://bugzilla.redhat.com/):
2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
2070343 - Failed to read database with dns hostname address
2080271 - [22.D RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source:
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
aarch64:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
noarch:
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
ppc64le:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
s390x:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
x86_64:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3839
https://access.redhat.com/security/cve/CVE-2022-0669
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u
9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/
rhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF
G76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm
H9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl
sA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC
34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g
lqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy
Bs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft
2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS
GOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L
5WnVACaEc60=
=WSAK
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs * CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash * CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS