CVE-2022-49086 net: openvswitch: fix leak of nested actions

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while...

Release Information for Proxmox Virtual Environment Plug-In v12.1.3.217

Update: 2025-03-19 Consider the following regarding the Proxmox Virtual Environment Plug-In: The Plug-in build on this page, 12.1.3.217, is included automatically when upgrading to or installing Veeam Backup & Replication 12.3.1. The Plug-in only needs to be manually deployed by customers still...

UBUNTU-CVE-2025-21681

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: dooutput - ovsvportsend - devqueuexmit - devqueuexmit - netdevcorepicktx -...

CVE-2025-21681

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: dooutput - ovsvportsend - devqueuexmit - devqueuexmit - netdevcorepicktx -...

Advisory ROSA-SA-2025-2664

software: openvswitch 2.17.8 OS: ROSA-CHROME packageevrstring: openvswitch-2.17.8 CVE-ID: CVE-2023-5366 BDU-ID: 2024-03244 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Open vSwitch OvS software tiered switch is related to insufficient data authentication. Exploitation of the vulnerability...

Hotfix XS82ECU1081 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1 and is only available to customers on theCustomer Success Servicesprogram. Note: Citrix Hypervisor 8.2 Cumulative Update 1 reaches end of life on Jun 25, 2025. Upgrade toXenServer...

OESA-2025-1029 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

OESA-2025-1003 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

OESA-2025-1002 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

CVE-2024-11614

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

kernel: stack overflow problem in Open vSwitch kernel module leading to DoS

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

lldp/openvswitch: denial of service via externally triggered memory leak

A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...

RHEL 7 : openvswitch (RHSA-2017:2727)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2727 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

RHEL 7 : openvswitch (RHSA-2017:2665)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2665 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

RHEL 7 : openvswitch (RHSA-2017:2698)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2698 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

RHEL 7 : openvswitch (RHSA-2017:2553)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2553 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVSPACKETCMDEXECUTE has 3 main attributes: - OVSPACKETATTRKEY - Packet metadata in a netlink format. - OVSPACKETATTRPACKET - Binary packet content. -...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7009-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVSPACKETCMDEXECUTE has 3 main attributes: - OVSPACKETATTRKEY - Packet metadata in a netlink format. - OVSPACKETATTRPACKET - Binary packet content. -...