Advisory ROSA-SA-2023-2262

Software: openvswitch 2.16.1
OS: ROSA-CHROME

package_evr_string: openvswitch-2.16.1-3.src.rpm

CVE-ID: CVE-2019-25076
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The TSS (Tuple Space Search) algorithm in Open vSwitch versions 2.x-2.17.2 and 3.0.0 allows remote attackers to cause denial of service (delaying legitimate traffic) using crafted packet data that requires excessive evaluation time as part of packet classification. algorithm for the MegaFlow cache, also known as the Tuple Space Explosion (TSE) attack.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch

CVE-ID: CVE-2021-3905
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A memory leak was detected in Open vSwitch (OVS) while processing a user-space IP fragmentation. An attacker could exploit this vulnerability to potentially exhaust available memory by continuing to send packet fragments.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch

CVE-ID: CVE-2022-4337
BDU-ID: 2023-00290
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the Open vSwitch software tiered switch is related to the loss of integer significance when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages to a vulnerable system, trigger integer loss of significance, and execute arbitrary code on the target system
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch

CVE-ID: CVE-2022-4338
BDU-ID: 2023-00291
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the Open vSwitch software tiered switch is related to the loss of integer significance in Auto Attach TLV parsing. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages to a vulnerable system, trigger integer loss of significance, and execute arbitrary code on the target system
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch