RHSA-2022:4786: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
Red Hat Security Data

Issued: 2022-05-27

Updated: 2022-05-27

RHSA-2022:4786 - Security Advisory

Synopsis

Moderate: openvswitch2.13 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch2.13 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch2.13: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
  • openvswitch2.13: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch2.13 are advised to upgrade to these updated packages, which fix these bugs.

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
  • BZ - 2080270 - [22.D RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch2.13-2.13.0-180.el8fdp.src.rpm

x86_64

network-scripts-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-debugsource-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-devel-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-ipsec-2.13.0-180.el8fdp.x86_64.rpm

openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm

python3-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm

python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch2.13-2.13.0-180.el8fdp.src.rpm

ppc64le

network-scripts-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-debugsource-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-devel-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-ipsec-2.13.0-180.el8fdp.ppc64le.rpm

openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm

python3-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm

python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch2.13-2.13.0-180.el8fdp.src.rpm

s390x

network-scripts-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-debugsource-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-devel-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-ipsec-2.13.0-180.el8fdp.s390x.rpm

openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm

python3-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm

python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch2.13-2.13.0-180.el8fdp.src.rpm

aarch64

network-scripts-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-debugsource-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-devel-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-ipsec-2.13.0-180.el8fdp.aarch64.rpm

openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm

python3-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm

python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2022:8263: Red Hat Security Advisory: dpdk security and bug fix update

An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
  • CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

CVE-2022-0669

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

CVE-2021-3839

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
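
A simplified C model of the two checks whose absence the CVE-2022-0669 and CVE-2021-3839 descriptions above report: an unexpected number of attached fds, and an unvalidated `num_queues`. This is an added example, not DPDK or Open vSwitch code; the structures, limits, slot size and function names are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

/* Simplified model, not DPDK's own structures; all names are assumptions. */
#define MAX_FDS    8            /* fds one message may carry as ancillary data */
#define MAX_QUEUES 4            /* slots in the per-queue table */

struct inflight_msg {
    uint16_t num_queues;        /* peer-controlled, like payload.inflight.num_queues */
    int fds[MAX_FDS];           /* descriptors received with the message */
    int fd_num;                 /* how many entries of fds[] are populated */
};

struct device {
    uint16_t nr_vring;          /* queues actually set up, <= MAX_QUEUES */
    char *inflight[MAX_QUEUES]; /* per-queue pointer into the shared region */
};

/* Close every descriptor the peer attached so a rejected message leaks none. */
static void close_attached_fds(struct inflight_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MAX_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 1 while fd is still open in this process (used to observe leaks). */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Hardened handler: 0 on success, -1 when the message is rejected. */
int handle_set_inflight(struct device *dev, struct inflight_msg *m, char *region)
{
    /* Both checks run before any table write; failure closes all fds. */
    if (m->fd_num != 1 ||                   /* unexpected fd count (CVE-2022-0669) */
        dev->nr_vring > MAX_QUEUES ||
        m->num_queues > dev->nr_vring) {    /* unvalidated count (CVE-2021-3839) */
        close_attached_fds(m);
        return -1;
    }
    for (uint16_t i = 0; i < m->num_queues; i++)
        dev->inflight[i] = region + (size_t)i * 64; /* 64: assumed slot size */
    close_attached_fds(m);  /* model only: the single fd is consumed here */
    return 0;
}
```

Without the first check, surplus descriptors stay open in the receiving process after each message; without the second, the loop writes past `inflight[]`.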

Red Hat Security Advisory 2022-4786-01

Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4788-01

Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-4787-01

Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:4788: Red Hat Security Advisory: openvswitch2.16 security update

An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS

RHSA-2022:4787: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS