RHSA-2022:4787: Red Hat Security Advisory: openvswitch2.15 security update
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
Issued:
2022-05-27
Updated:
2022-05-27
RHSA-2022:4787 - Security Advisory
Synopsis
Moderate: openvswitch2.15 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
- openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
- BZ - 2070343 - Failed to read database with dns hostname address
- BZ - 2080271 - [22.D RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
x86_64
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
ppc64le
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
s390x
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
aarch64
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
- CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
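The two checks whose absence the descriptions above report (bounding the peer-supplied queue count before it indexes an array, and closing every file descriptor a rejected message carried), shown as an added example that is not DPDK or Open vSwitch code. The structures, limits and function names below are hypothetical and model the message handling only.

```c
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

#define MAX_QUEUES  8   /* hypothetical size of the per-device queue table */
#define MAX_MSG_FDS 8   /* hypothetical cap on fds accepted per message */

/* Constructed model of an inflight-fd message; not the DPDK wire layout. */
struct inflight_msg {
    uint16_t num_queues;        /* peer-controlled queue count */
    uint32_t queue_bytes;       /* peer-controlled per-queue region size */
    int      fds[MAX_MSG_FDS];  /* fds that arrived as ancillary data */
    int      fd_num;            /* number of valid entries in fds[] */
};

struct device {
    int      inflight_fd;            /* fd backing the shared region, or -1 */
    uint64_t queue_off[MAX_QUEUES];  /* per-queue offset into that region */
};

/* Close every fd carried by the message so a rejected message leaks none. */
static void close_msg_fds(struct inflight_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MAX_MSG_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 when the message is accepted, -1 when it is rejected. */
int handle_set_inflight(struct device *dev, struct inflight_msg *m)
{
    /* Exactly one fd is expected; extras would otherwise stay open. */
    int fds_ok = (m->fd_num == 1 && m->fds[0] >= 0);
    /* num_queues indexes queue_off[], so bound it before the loop. */
    int queues_ok = (m->num_queues >= 1 && m->num_queues <= MAX_QUEUES);
    if (!fds_ok || !queues_ok) {
        close_msg_fds(m);
        return -1;
    }
    for (uint16_t i = 0; i < m->num_queues; i++)
        dev->queue_off[i] = (uint64_t)i * m->queue_bytes;
    if (dev->inflight_fd >= 0)
        close(dev->inflight_fd);     /* drop the region being replaced */
    dev->inflight_fd = m->fds[0];    /* ownership moves to the device */
    m->fd_num = 0;
    return 0;
}

/* Helper for checking the result: 1 if fd is open in this process. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }
```

Both reject paths go through `close_msg_fds()`, so a long-running process does not accumulate descriptors from messages it refuses.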
Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS