RHSA-2022:4788: Red Hat Security Advisory: openvswitch2.16 security update

An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
Red Hat Security Data

Issued:

2022-05-27

Updated:

2022-05-27

RHSA-2022:4788 - Security Advisory

Synopsis

Moderate: openvswitch2.16 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch2.16 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch2.16: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
  • openvswitch2.16: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • BZ - 2055097 - Failed to read database with dns hostname address
  • BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
  • BZ - 2080273 - [22.D RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

  • openvswitch2.16-2.16.0-74.el8fdp.src.rpm

x86_64

  • network-scripts-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-debugsource-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-devel-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-ipsec-2.16.0-74.el8fdp.x86_64.rpm
  • openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
  • python3-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm
  • python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

  • openvswitch2.16-2.16.0-74.el8fdp.src.rpm

ppc64le

  • network-scripts-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-debugsource-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-devel-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-ipsec-2.16.0-74.el8fdp.ppc64le.rpm
  • openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
  • python3-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm
  • python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

  • openvswitch2.16-2.16.0-74.el8fdp.src.rpm

s390x

  • network-scripts-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-debugsource-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-devel-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-ipsec-2.16.0-74.el8fdp.s390x.rpm
  • openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
  • python3-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm
  • python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

  • openvswitch2.16-2.16.0-74.el8fdp.src.rpm

aarch64

  • network-scripts-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-debugsource-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-devel-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-ipsec-2.16.0-74.el8fdp.aarch64.rpm
  • openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm
  • python3-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm
  • python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2022:8263: Red Hat Security Advisory: dpdk security and bug fix update

An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
  • CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

CVE-2022-0669

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages, and the vhost-user slave does not close them. By sending such messages continuously, the vhost-user master exhausts the file descriptors available in the vhost-user slave process, leading to a denial of service.
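The descriptor accounting described above, as an added example that is not DPDK's code: a simplified receiver that closes every attached fd when the count differs from what the handler expects. `model_msg`, `MODEL_MAX_FDS`, `check_msg_fds` and the expected count passed by the caller are hypothetical names and assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define MODEL_MAX_FDS 8   /* hypothetical cap on ancillary fds per message */

struct model_msg {              /* simplified stand-in for a received message */
    int fds[MODEL_MAX_FDS];     /* descriptors delivered as ancillary data */
    int fd_num;                 /* how many the peer actually attached */
};

/* Close every descriptor the message carried and mark the slots unused. */
void close_msg_fds(struct model_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MODEL_MAX_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 when the message carries exactly `expected` fds. Otherwise
 * nothing is kept: all attached fds are closed and -1 is returned, so a
 * peer that repeats the message cannot grow the receiver's fd table. */
int check_msg_fds(struct model_msg *m, int expected)
{
    if (m->fd_num == expected)
        return 0;
    close_msg_fds(m);
    return -1;
}

/* 1 if fd is still open in this process, 0 otherwise. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

int main(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 1;
    /* Constructed message: two fds attached where the handler expects none. */
    struct model_msg m = { { p[0], p[1], -1, -1, -1, -1, -1, -1 }, 2 };
    int rc = check_msg_fds(&m, 0);
    printf("rc=%d open=%d,%d\n", rc, fd_is_open(p[0]), fd_is_open(p[1]));
    return 0;
}
```
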

CVE-2021-3839

A flaw was found in the vhost library in DPDK. The function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing an out-of-bounds memory read/write. Any software using the DPDK vhost library may crash as a result of this vulnerability.
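The missing validation described above, as an added example that is not DPDK's code: a simplified handler that bounds the peer-supplied `num_queues` before using it as a loop limit over a fixed table. `MODEL_MAX_QUEUES`, `model_dev`, `set_inflight_checked` and the second size check are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_QUEUES 8  /* hypothetical table size, not DPDK's constant */

struct inflight_payload {   /* simplified stand-in for msg->payload.inflight */
    uint64_t mmap_size;
    uint64_t mmap_offset;
    uint16_t num_queues;    /* supplied by the vhost-user peer */
    uint16_t queue_size;
};

struct model_dev {
    uint64_t inflight_addr[MODEL_MAX_QUEUES]; /* one slot per virtqueue */
    uint64_t canary;        /* neighbouring state an overrun would clobber */
};

/* Returns 0 on success, -1 when the message is rejected. */
int set_inflight_checked(struct model_dev *dev, const struct inflight_payload *p,
                         uint64_t base, uint64_t per_queue_size)
{
    /* Bound the peer's count by the table it indexes before any use. */
    if (p->num_queues == 0 || p->num_queues > MODEL_MAX_QUEUES)
        return -1;
    /* Extra check added in this model: every per-queue region must fit
     * inside the shared area the message describes. */
    if (per_queue_size == 0 || per_queue_size > p->mmap_size / p->num_queues)
        return -1;
    for (uint16_t i = 0; i < p->num_queues; i++)
        dev->inflight_addr[i] = base + (uint64_t)i * per_queue_size;
    return 0;
}

int main(void)
{
    struct model_dev dev;
    memset(&dev, 0, sizeof dev);
    dev.canary = 0xC0FFEE;
    struct inflight_payload ok  = { 4096, 0, 4, 256 };      /* constructed */
    struct inflight_payload bad = { 4096, 0, 0xFFFF, 256 }; /* constructed */
    int rc_ok = set_inflight_checked(&dev, &ok, 0x1000, 1024);
    int rc_bad = set_inflight_checked(&dev, &bad, 0x1000, 1);
    printf("ok=%d bad=%d canary_intact=%d\n", rc_ok, rc_bad,
           dev.canary == 0xC0FFEE);
    return 0;
}
```
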

Red Hat Security Advisory 2022-4786-01

Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4788-01

Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4787-01

Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:4786: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS

RHSA-2022:4787: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS