USN-6795-1 linux-intel-iotg vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 It was...

SUSE CVE-2023-52702

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovsmetercmdset oldmeter needs to be free after it is detached regardless of whether the new meter is successfully attached...

Ubuntu: Security Advisory (USN-6766-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6766-3: Linux kernel (AWS) vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

Ubuntu: Security Advisory (USN-6766-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6766-2: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

USN-6766-2 linux-hwe-5.15, linux-raspi vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

DEBIAN-CVE-2024-27395

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovsctexit Since kfreercu, which is called in the hlistforeachentryrcu traversal of ovsctlimitexit, is not part of the RCU read critical section, it is possible that the RCU grace period wil...

RHEL 9 : openvswsitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet CVE-2023-3966 Note that Nessus ha...

RHEL 7 : openvswsitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet CVE-2023-3966 Note that Nessus ha...

USN-6766-1 linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

USN-6766-1: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

Fedora 40 : openvswitch (2024-1f26ce7731)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1f26ce7731 advisory. Update to 3.3.0 Remove network-scripts subpackage starting from Fedora 40 Backport a simple fix to avoid SSL db: implementation test to fail It also...

The vulnerability of the Open vSwitch (OvS) multi-level switch lies in insufficient data authentication, which allows attackers to redirect ICMPv6 traffic to arbitrary IP addresses.

The vulnerability of the Open vSwitch OvS multi-level switch lies in insufficient verification of data authenticity. Exploiting this vulnerability allows an attacker to redirect ICMPv6 traffic to arbitrary IP addresses...

ROS-20240423-08

A vulnerability in the Open vSwitch OvS software multilayer switch allows ICMPv6 packets to announce neighbors between virtual machines to bypass OpenFlow rules. Exploitation of the vulnerability could allow an attacker, to create special packets with a modified or spoofed target IP address field...

ROS-20240422-08

A vulnerability in the TC flower packet management filter of the software-defined multi-tiered Open vSwitch OvS switch is related to flaws in the handling of exceptional states resulting from an incorrect validation of Geneve packet metadata. incorrect validation of Geneve packet metadata...

USN-6739-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 Wei Chen discovered that a race condition existed in the TIPC protocol implementation in...

The vulnerability of the ovs_pcap_open() function in the Open vSwitch software-level switch allows a attacker to cause a service failure.

The vulnerability of the ovspcapopen function in the Open vSwitch multi-level switch device is related to memory release errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

OESA-2024-1384 openvswitch security update

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. Security Fixes: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new actio...

Fedora: Security Advisory (FEDORA-2024-a4530e9bfe)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...