CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
75.0%
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC
aging time of 0 disables MAC learning in linuxbridge, forcing obligatory
Ethernet flooding of non-local destinations, which both impedes network
performance and allows users to possibly view the content of packets for
instances belonging to other tenants sharing the same network. Only
deployments using the linuxbridge backend are affected. This occurs in
PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.
Author | Note |
---|---|
mdeslaur | code introduced in 1.15.0 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | python-os-vif | < any | UNKNOWN |
ubuntu | 22.04 | noarch | python-os-vif | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2019/08/29/2
launchpad.net/bugs/cve/CVE-2019-15753
nvd.nist.gov/vuln/detail/CVE-2019-15753
review.opendev.org/672834
review.opendev.org/678098
security-tracker.debian.org/tracker/CVE-2019-15753
security.openstack.org/ossa/OSSA-2019-004.html
www.cve.org/CVERecord?id=CVE-2019-15753
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
75.0%