SUSE CVE-2018-14636

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...

SUSE CVE-2018-17204

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...

SUSE CVE-2018-17205

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting ofprotoruleinsert in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added e.g., the flow action is a go-to for a group id that does not exist,...

SUSE CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decodebundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

SUSE CVE-2021-3905

A memory leak was found in Open vSwitch OVS during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments...

SUSE CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

PT-2023-35114 · Unknown · Openvswitch

Name of the Vulnerable Software and Affected Versions: openvswitch versions prior to v5.15.93 Description: A memory leak issue was discovered in the ovs flow cmd new function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v5.15.86 and is...

Moderate: Red Hat Security Advisory: openvswitch2.15 security, bug fix and enhancement update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

Moderate: Red Hat Security Advisory: openvswitch2.16 security, bug fix and enhancement update

An update for openvswitch2.16 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

Moderate: Red Hat Security Advisory: openvswitch2.17 security, bug fix and enhancement update

An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: openvswitch2.17 security, bug fix and enhancement update

An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openvswitch: Integer Underflow in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number, allowing an attacker to execute any code in the target system.

The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number during the Auto Attach TLV process. Exploiting this vulnerability allows an attacker to send specially crafted LLDP messages to the vulnerable system, causing a full number of significant...

The vulnerability of the Open vSwitch multi-level switch software, related to the loss of the significance of a whole number, allows an attacker to execute arbitrary code in the target system.

The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number during the analysis of Auto Attach TLV. Exploiting this vulnerability allows an attacker to send specially crafted LLDP messages to the vulnerable system, causing a full number of significa...

OESA-2023-1042 openvswitch security update

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. Security Fixes: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.CVE-2022-4338...

OESA-2023-1043 openvswitch security update

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. Security Fixes: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.CVE-2022-4338...