PT-2023-35420 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: openvswitch versions prior to v5.15.95 Linux Kernel versions prior to v5.15.95 Description: A possible memory leak was identified in the ovs meter cmd set function. The actual impact and attack plausibility have not yet been proven...

Ubuntu: Security Advisory (USN-5890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Open vSwitch vulnerabilities (USN-5890-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5890-1 advisory. Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this...

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0005)

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw...

SUSE CVE-2020-35498

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this...

SUSE CVE-2021-36980

Open vSwitch aka openvswitch 2.11.0 through 2.15.0 has a use-after-free in decodeNXASTRAWENCAP called from ofpactdecode and ofpactsdecode during the decoding of a RAWENCAP action...

SUSE CVE-2022-2639

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write...

SUSE CVE-2022-4337

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch...

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

GSD-2023-1002038 net: openvswitch: fix flow memory leak in ovs_flow_cmd_new

net: openvswitch: fix flow memory leak in ovsflowcmdnew This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...

GSD-2023-1001874 net: openvswitch: fix flow memory leak in ovs_flow_cmd_new

net: openvswitch: fix flow memory leak in ovsflowcmdnew This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...

PT-2023-34950 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: openvswitch versions prior to v6.1.11 Description: A memory leak issue exists in the ovs flow cmd new function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in Linux Kernel version v6.1.2 and i...

openvswitch: Integer Underflow in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow...

openvswitch: Integer Underflow in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow...

Moderate: Red Hat Security Advisory: openvswitch2.13 security, bug fix and enhancement update

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openvswitch: Integer Underflow in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

RHEL 9 : openvswitch2.17 (RHSA-2023:0691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0691 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

RHEL 8 : openvswitch2.13 (RHSA-2023:0685)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0685 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

CVE-2022-4338 affecting package openvswitch 2.15.1-2

CVE-2022-4338 affecting package openvswitch 2.15.1-2. An upgraded version of the package is available that resolves this issue...