CVE-2018-17205 – openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash
https://notcve.org/view.php?id=CVE-2018-17205
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state ! • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17205 https://bugzilla.redhat.com/show_bug.cgi?id=1632525 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2018-17206 – openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()
https://notcve.org/view.php?id=CVE-2018-17206
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. Se ha descubierto un problema en Open vSwitch, en versiones 2.7.x hasta la 2.7.6. La función decode_bundle dentro de lib/ofp-actions.c se ve afectada por un problema de sobrelectura de búfer durante la decodificación de la acción BUNDLE. An issue was discovered in Open vSwitch (OvS) 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 where the decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. A specially crafted flow update applied using the bundling feature of Open vSwitch could potentially cause a crash leading to a denial of service. • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17206 https://bugzilla.redhat.com/show_bug.cgi?id=1632528 • CWE-125: Out-of-bounds Read •
CVE-2018-17204 – openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
https://notcve.org/view.php?id=CVE-2018-17204
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a parse_group_prop_ntr_selection_method en lib/ofp-util.c. • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17204 https://bugzilla.redhat.com/show_bug.cgi?id=1632522 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2018-14635 – openstack-neutron: A router interface out of subnet IP range results in a denial of service
https://notcve.org/view.php?id=CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. Al emplear el controlador de Linux bridge ml2, los inquilinos sin privilegios pueden crear y adjuntar puertos sin especificar una dirección IP, omitiendo la validación de direcciones IP. Podría ocurrir una denegación de servicio (DoS) si una dirección IP, en conflicto con invitados o routers existentes, se asigna desde fuera del grupo de asignación permitido. • https://access.redhat.com/errata/RHSA-2018:2710 https://access.redhat.com/errata/RHSA-2018:2715 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:3792 https://bugs.launchpad.net/neutron/+bug/1757482 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635 https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d https://access.redhat.com/security/cve/CVE-2018-14635 https://bugzilla.redhat.com/show • CWE-20: Improper Input Validation •
CVE-2017-15139 – openstack-cinder: Data retained after deletion of a ScaleIO volume
https://notcve.org/view.php?id=CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. Se ha detectado una vulnerabilidad en las versiones de openstack-cinder hasta (e incluyendo) Queens, que permite que los volúmenes nuevos creados en ciertas configuraciones de volúmenes de almacenamiento contengan datos anteriores. Específicamente, esto afecta a los volúmenes ScaleIO que emplean volúmenes finos y un relleno de cero. • https://access.redhat.com/errata/RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2019:0917 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 https://wiki.openstack.org/wiki/OSSN/OSSN-0084 https://access.redhat.com/security/cve/CVE-2017-15139 https://bugzilla.redhat.com/show_bug.cgi?id=1599899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •