PT-2025-27732

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-121-generic 131-Ubuntu Description: A vulnerability in the Linux kernel has been resolved, specifically in the openvswitch module. The issue occurs when an unexpected MPLS packet does not end with the...

CVE-2021-47136

In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skbextadd doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TCSKBEXT originally contained only sing...

SUSE SLES12 Security Update : openvswitch (SUSE-SU-2022:4050-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4050-1 advisory. - In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of minimasks function could...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166 ovs - buffer over-read

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

Open vSwitch (Openvswitch) is affected by CVE-2022-32166 for versions v0.90.0 through v2.5.0, due to a heap/buffer over-read in flow.c caused by an unsafe minimasks comparison. The vulnerability can crash the software, enable memory modification, and may allow remote execution. Public documents i...

Open vSwitch: Remote execution of arbitrary code

Background Open vSwitch is a production quality multilayer virtual switch. Description A buffer overflow was discovered in lib/flow.c in ovs-vswitchd. Impact A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code. Workaround There is no known workaround at this tim...

CVE-2016-2074

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command...

CVE-2016-2074

Open vSwitch: MPLS processing in ovs-vswitchd contains a buffer overflow in OpenFlow/MPLS label handling affecting Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1. A remote attacker can exploit crafted MPLS packets to achieve arbitrary code execution or DoS. Upstream fixes are in...

UBUNTU-CVE-2016-2074

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command...