RHSA-2022:4786: Red Hat Security Advisory: openvswitch2.13 security update
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
Issued:
2022-05-27
Updated:
2022-05-27
RHSA-2022:4786 - Security Advisory
Synopsis
Moderate: openvswitch2.13 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.13 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch2.13: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
- openvswitch2.13: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.13 are advised to upgrade to these updated packages, which fix these bugs.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- BZ - 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
- BZ - 2080270 - [22.D RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.13-2.13.0-180.el8fdp.src.rpm
x86_64
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-debugsource-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-devel-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-ipsec-2.13.0-180.el8fdp.x86_64.rpm
openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm
python3-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.13-2.13.0-180.el8fdp.src.rpm
ppc64le
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-debugsource-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-devel-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-ipsec-2.13.0-180.el8fdp.ppc64le.rpm
openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm
python3-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.13-2.13.0-180.el8fdp.src.rpm
s390x
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-debugsource-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-devel-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-ipsec-2.13.0-180.el8fdp.s390x.rpm
openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm
python3-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.13-2.13.0-180.el8fdp.src.rpm
aarch64
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-debugsource-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-devel-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-ipsec-2.13.0-180.el8fdp.aarch64.rpm
openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm
python3-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
- CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.
An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
- CVE-2022-0669: dpdk: sending vhost-user-inflight type messages could lead to DoS
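The two flaw descriptions above (the unvalidated `msg->payload.inflight.num_queues` and the ancillary fds that are never closed) correspond to two checks a message handler has to make before it trusts its peer. The following is an added example, not DPDK or Open vSwitch code: a simplified model in which every type, constant and function name (`model_msg`, `model_dev`, `MODEL_MAX_QUEUES`, `MODEL_MAX_FDS`, `model_set_inflight_fd`) is hypothetical.

```c
#include <stdint.h>
#include <unistd.h>
/* Simplified model, not DPDK's structures; every name here is hypothetical. */
#define MODEL_MAX_QUEUES 128  /* assumed length of the per-device array */
#define MODEL_MAX_FDS 8       /* assumed cap on fds carried by one message */
struct model_msg {
    uint16_t num_queues;        /* peer-controlled count */
    uint16_t queue_size;
    int fds[MODEL_MAX_FDS];     /* fds received as ancillary data */
    int fd_num;                 /* how many were actually received */
};
struct model_dev {
    uint16_t inflight_size[MODEL_MAX_QUEUES];
    int inflight_fd;            /* -1 when unset */
};

/* Close every fd the peer attached, so a rejected message leaks none. */
static void close_msg_fds(struct model_msg *m)
{
    for (int i = 0; i < m->fd_num && i < MODEL_MAX_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 when the message is accepted, -1 when it is rejected. */
int model_set_inflight_fd(struct model_dev *dev, struct model_msg *m)
{
    /* fd exhaustion case: exactly one fd is expected, anything else is closed */
    if (m->fd_num != 1 || m->fds[0] < 0) {
        close_msg_fds(m);
        return -1;
    }
    /* out-of-bounds case: bound the peer-supplied count before indexing */
    if (m->num_queues > MODEL_MAX_QUEUES) {
        close_msg_fds(m);
        return -1;
    }
    for (uint16_t i = 0; i < m->num_queues; i++)
        dev->inflight_size[i] = m->queue_size;
    if (dev->inflight_fd >= 0)
        close(dev->inflight_fd);    /* drop the fd stored by an earlier message */
    dev->inflight_fd = m->fds[0];   /* ownership moves to the device */
    m->fds[0] = -1;
    m->fd_num = 0;
    return 0;
}
```

Both rejection paths close the attached descriptors before returning, so a peer that repeats a malformed message cannot accumulate open fds in the receiving process.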