RHSA-2022:4788: Red Hat Security Advisory: openvswitch2.16 security update
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
Issued: 2022-05-27
Updated: 2022-05-27
Synopsis
Moderate: openvswitch2.16 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch2.16: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
- openvswitch2.16: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- BZ - 2055097 - Failed to read database with dns hostname address
- BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
- BZ - 2080273 - [22.D RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.16-2.16.0-74.el8fdp.src.rpm
x86_64
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-debugsource-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-devel-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-ipsec-2.16.0-74.el8fdp.x86_64.rpm
openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
python3-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.16-2.16.0-74.el8fdp.src.rpm
ppc64le
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-debugsource-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-devel-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-ipsec-2.16.0-74.el8fdp.ppc64le.rpm
openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
python3-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.16-2.16.0-74.el8fdp.src.rpm
s390x
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-debugsource-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-devel-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-ipsec-2.16.0-74.el8fdp.s390x.rpm
openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
python3-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.16-2.16.0-74.el8fdp.src.rpm
aarch64
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-debugsource-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-devel-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-ipsec-2.16.0-74.el8fdp.aarch64.rpm
openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
python3-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
- CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages, and the vhost-user slave does not close these fds. By sending such messages continuously, the vhost-user master exhausts the fds available in the vhost-user slave process, leading to a denial of service.
A flaw was found in the vhost library in DPDK. The function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing an out-of-bounds memory read/write. Any software using the DPDK vhost library may crash as a result of this vulnerability.
Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
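The two flaw descriptions above (CVE-2021-3839 and CVE-2022-0669) both come down to a message handler trusting values supplied by its peer: a queue count used as an array bound, and a set of attached fds that is never closed. The following C model is an added illustration of the checks such a handler needs; it is not DPDK or Open vSwitch code, and the structs, the `MODEL_*` limits and `set_inflight_checked()` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

#define MODEL_MAX_VRINGS 4  /* assumption: capacity of the per-device queue table */
#define MODEL_MAX_FDS    8  /* assumption: most fds one message can carry */

struct model_msg {          /* everything in here is peer-controlled */
    uint16_t num_queues;    /* stands in for msg->payload.inflight.num_queues */
    int fds[MODEL_MAX_FDS]; /* fds received as ancillary data */
    int fd_num;
};
struct model_dev {
    uint32_t nr_vring;                     /* queues actually configured */
    size_t inflight_off[MODEL_MAX_VRINGS]; /* per-queue offset in the shared area */
    int inflight_fd;                       /* fd owned by the device, -1 if none */
};

/* Close every fd that arrived with the message so a rejected message leaks none. */
static void close_msg_fds(struct model_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MODEL_MAX_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 if the message was accepted, -1 if it was rejected. */
int set_inflight_checked(struct model_dev *dev, struct model_msg *m, size_t per_queue)
{
    if (m->fd_num != 1 || m->fds[0] < 0 ||   /* fd-exhaustion class: expect one fd */
        m->num_queues > dev->nr_vring ||     /* out-of-bounds class: bound the count */
        m->num_queues > MODEL_MAX_VRINGS) {  /* before it is used as an index limit */
        close_msg_fds(m);
        return -1;
    }
    for (uint16_t i = 0; i < m->num_queues; i++)
        dev->inflight_off[i] = per_queue * i;
    if (dev->inflight_fd >= 0)
        close(dev->inflight_fd);             /* drop the fd from an earlier message */
    dev->inflight_fd = m->fds[0];            /* ownership moves to the device */
    m->fds[0] = -1;
    m->fd_num = 0;
    return 0;
}

int main(void)
{
    struct model_dev dev = { .nr_vring = 2, .inflight_fd = -1 };
    struct model_msg bad = { .num_queues = 0xffff, .fds = { dup(STDOUT_FILENO) }, .fd_num = 1 };
    return set_inflight_checked(&dev, &bad, 64) == -1 ? 0 : 1;  /* oversized count rejected */
}
```

Every rejection path goes through `close_msg_fds()`, so a malformed message costs the receiving process no descriptors regardless of which check failed.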