CVE-2018-17205
openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a ofproto_rule_insert__ en ofproto/ofproto.c. Durante el commit bundle, los flujos que se añaden a un bundle se aplican a ofproto en orden. Si un flujo no se puede añadir (por ejemplo, la acción flow es un go-to para un ID de grupo que no existe), OvS intenta revertir todos los flujos anteriores cuando se aplican con éxito desde el mismo bundle. Esto es posible porque OvS mantiene una lista de flujos antiguos que se reemplazaron por flujos del bundle. Cuando se vuelve a insertar flujos antiguos, OvS tiene un fallo de aserción debido a una comprobación en la declaración de regla != RULE_INITIALIZED. Esto funcionaría para los nuevos flujos, pero para un flujo antiguo, la sentencia es RULE_REMOVED. El fallo de aserción provoca el cierre inesperado de OvS.
An issue was discovered in Open vSwitch (OvS), 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2, where the ofproto_rule_insert__() function inside ofproto/ofproto.c is affected by an assertion failure under certain circumstances.
A specially crafted flow update applied using the bundling feature of Open vSwitch could potentially cause the assertion failure, potentially leading to incorrect flow information being applied, or a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-19 CVE Reserved
- 2018-09-19 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-617: Reachable Assertion
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:3500 | 2021-08-04 | |
https://access.redhat.com/errata/RHSA-2019:0053 | 2021-08-04 | |
https://access.redhat.com/errata/RHSA-2019:0081 | 2021-08-04 | |
https://usn.ubuntu.com/3873-1 | 2021-08-04 | |
https://access.redhat.com/security/cve/CVE-2018-17205 | 2019-01-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1632525 | 2019-01-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openvswitch Search vendor "Openvswitch" | Openvswitch Search vendor "Openvswitch" for product "Openvswitch" | >= 2.7.0 <= 2.7.6 Search vendor "Openvswitch" for product "Openvswitch" and version " >= 2.7.0 <= 2.7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
|