RHSA-2022:4787: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS

Issued:

2022-05-27

Updated:

2022-05-27

RHSA-2022:4787 - Security Advisory

Synopsis

Moderate: openvswitch2.15 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
  • openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
  • BZ - 2070343 - Failed to read database with dns hostname address
  • BZ - 2080271 - [22.D RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch2.15-2.15.0-99.el8fdp.src.rpm

SHA-256: 0aaf2691174132a31ec72e5ed7af04b46b62b0982fc2851742c07898006a6490

x86_64

network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 1ef81f41545546aa59ffeefdcd7c4521a650c9344fb0f3067b2d16be0e096b14

openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 7149bd99f1e6ad3a6f525b9a5fdca552e5f27a3f74528bc3745aef98a6f9ef69

openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: bc65967a855576f699a9bc34bfe3b1ee679bc9d708a29400610fcfca518a22d4

openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 571b2f91925594905f8aac2e721f17a749749d19c39280c341e4e784a545b367

openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 18a40f993a71e50e4ec0a493bf3ccf7551a68c48e585fffb7c0d68bf758fb237

openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 5c0ee6c9ddc5d8cae5c7836be99ce70c2ef5cb57f8ac1be65ec07a11ed28752f

openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

SHA-256: a3c3ebff8ed8c6ea4147af2c960af32d87cd39ea677ebcce36e6cd47b50f5dee

python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: c9c5ba03bacb19aa6dff8a2474d6da1cf2aaaff391b0371ced629c4207ae97c8

python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm

SHA-256: 2dbb2eb91f0859ddf34f15d3aa5a2c2efdab9370accd40db6ec512492eec0b5b

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch2.15-2.15.0-99.el8fdp.src.rpm

SHA-256: 0aaf2691174132a31ec72e5ed7af04b46b62b0982fc2851742c07898006a6490

ppc64le

network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 50da6994582bc9dfc58e38e9133c7e2bbf05d0c46f5d40f957021e38f0ae62a3

openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 0c38313a4f4c4d8b4584aa3cb52ec842e28f5c3f880022782aae93686700eb70

openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: fc1040c5d1188af944554a52eb6bc7dd15d01f0cdd45fcc3423559f7d964f365

openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 031002d515507bf938c9774d10eaf2debce2d9b880312e9b9a2989306f4450aa

openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 87a69fcf4df4d91a30aaa83bde2e943902b7801616612574e9d29b170e535497

openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 08eb965b6a979f82961c6cae32e19c012a4a8765ceb66c35e2fc5ad00194f5bb

openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

SHA-256: a3c3ebff8ed8c6ea4147af2c960af32d87cd39ea677ebcce36e6cd47b50f5dee

python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: f5135621021578a83f00e52ff4f3e154120a216eb75ebfea33401d9e23599468

python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm

SHA-256: 108e949b564400d66c9b0211667fe2e62642a11c281c838feacd68de0d503b3d

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch2.15-2.15.0-99.el8fdp.src.rpm

SHA-256: 0aaf2691174132a31ec72e5ed7af04b46b62b0982fc2851742c07898006a6490

s390x

network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm

SHA-256: aa195ec2f2586ad0ae666ad0a573317940e52c7e317f847dc82c08d46986d586

openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 0d906b3ca6d5fa49729c39c1edd927874667eae2c7026803058ced86cc2e6cbc

openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 637e5ac59119296c31c8d3ff867ac1feacd6d660f7339b7f79c2eb7a7ef5bf1c

openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 1f400201fccd39a0705461844322aa04e32f13f0c1d75b625f00fbd5e9e99d30

openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 7a9de4c49ec49a6e9096f54647f171148622c08f86e89c12228dd4281123eb7e

openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm

SHA-256: ebba12db7475123262ef0538af4813c82b682b87fe0d072dc173ac06dbe0336e

openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

SHA-256: a3c3ebff8ed8c6ea4147af2c960af32d87cd39ea677ebcce36e6cd47b50f5dee

python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 761ac4d9f0b06a4902556e65ccb7f268ebebc1fb2fdc4220d787babbe295c184

python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm

SHA-256: 3b0c703caeb48ab8b3f1f47d8ce16bafc1d8ea543c03ce8a4121c150c1749fd7

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch2.15-2.15.0-99.el8fdp.src.rpm

SHA-256: 0aaf2691174132a31ec72e5ed7af04b46b62b0982fc2851742c07898006a6490

aarch64

network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: 467d12449a93dbe9e935d176a4ea6167f018d1883c58b6391dcb4e2cea77c979

openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: 9ee1084db22f4d3cc6cf1ccd3a148879f6f4c43f7a3a5c195ac867bc04e02ab4

openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: b9bc8251b3887b08836d26b67bcab3a86fdce62f3e446087bf83cea4d187513f

openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: ebe09c4a420eb89c0544b21370b2340b408c1e0dbf6d914ee459453bcef19456

openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: e1d80f37576c58ba526eb48137791eb71558c08329b96562d8ee3ece82a68274

openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: 0f8b06d0f641cdde60eee2dc4559c6464e70267370cbf1c32c5a181b3295ad82

openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

SHA-256: a3c3ebff8ed8c6ea4147af2c960af32d87cd39ea677ebcce36e6cd47b50f5dee

python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: a621a0b4d6e669bb587d3760d4330e8e09c23fc58719b7b9fbd993ed18067f04

python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm

SHA-256: 326be372e6c0acb5c5683540f607b0d5d33149323315b7323d2c8af48bb92c38

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2022:8263: Red Hat Security Advisory: dpdk security and bug fix update

An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
  • CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

CVE-2022-0669

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

CVE-2021-3839

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
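
The two checks these CVE descriptions call for, as an added C sketch (not DPDK's or Red Hat's code; every `model_*` name, the structure layout and both limits are assumptions made for illustration): bound the peer-supplied queue count before it indexes anything, and close every descriptor the handler does not keep.

```c
#include <stdint.h>
#include <unistd.h>

/* Simplified model with hypothetical names; not the DPDK implementation. */
#define MODEL_MAX_QUEUES 8   /* capacity of the per-queue table (assumed) */
#define MODEL_MAX_FDS    8   /* ancillary fds one message can carry (assumed) */

struct model_msg {
    uint16_t num_queues;          /* peer-controlled, like payload.inflight.num_queues */
    int      fds[MODEL_MAX_FDS];  /* descriptors received as ancillary data */
    int      fd_num;              /* how many entries of fds[] are valid */
};

struct model_dev {
    uint64_t inflight_off[MODEL_MAX_QUEUES]; /* one slot per queue */
    int      inflight_fd;                    /* the single fd the handler keeps */
};

/* Close every fd still attached to the message and mark it consumed. */
static void model_close_fds(struct model_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MODEL_MAX_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 on success, -1 if the message is rejected. */
int model_set_inflight(struct model_dev *d, struct model_msg *m, uint64_t stride)
{
    /* Reject unless exactly one fd is attached (otherwise fds leak) and the
     * peer-supplied count fits the table (otherwise out-of-bounds write). */
    if (m->fd_num != 1 || m->fds[0] < 0 ||
        m->num_queues == 0 || m->num_queues > MODEL_MAX_QUEUES) {
        model_close_fds(m);
        return -1;
    }
    for (uint16_t q = 0; q < m->num_queues; q++)
        d->inflight_off[q] = (uint64_t)q * stride;
    if (d->inflight_fd >= 0)
        close(d->inflight_fd);   /* release the fd kept from an earlier message */
    d->inflight_fd = m->fds[0];  /* ownership moves to the device */
    m->fds[0] = -1;
    m->fd_num = 0;
    return 0;
}
```

Every rejection path goes through `model_close_fds()`, so a peer that repeats malformed messages cannot accumulate open descriptors in the receiving process.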

Red Hat Security Advisory 2022-4786-01

Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4788-01

Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4787-01

Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:4788: Red Hat Security Advisory: openvswitch2.16 security update

An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS

RHSA-2022:4786: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
