Bug 1921438 (CVE-2020-27827)
Summary: | CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aconole, apevec, bmontgom, chrisw, ctrautma, dbecker, dblechte, dfediuck, dramseur, eedri, eparis, fleitner, james.hogarth, jburrell, jhsiao, jhunter, jjoyce, jminter, jokerman, jschluet, kmitts, lhh, lpeer, mburns, mgala, mgoldboi, michal.skrivanek, mjudeiki, nlevy, nstielau, ovs-team, ralongi, rhos-maint, rkhan, sbonazzo, sclewis, sherold, slinaber, sponnaga, srevivo, tgraf, tredaelli, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-11 16:10:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1921442, 1921439, 1921440, 1921441, 1922068, 1922069, 1922070, 1922439, 1922440, 1923221, 1923222, 1923223, 1923224, 1923225, 1923226, 1923227, 1923228, 1923229, 1924956 | ||
Bug Blocks: | 1921443, 1939725 |
Description
Pedro Sampaio
2021-01-28 02:00:58 UTC
Created lldpd tracking bugs for this issue:
Affects: epel-7 [bug 1921442]
Affects: fedora-all [bug 1921441]

Created openvswitch tracking bugs for this issue:
Affects: fedora-all [bug 1921440]
Affects: openstack-rdo [bug 1921439]

Open vSwitch pull request: https://github.com/openvswitch/ovs/pull/337

Open vSwitch fix: https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0

Statement: Red Hat OpenStack Platform 13's openvswitch package will receive its fixes from Fast Datapath.

External References: https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2021:0497 https://access.redhat.com/errata/RHSA-2021:0497

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27827

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2021:0837 https://access.redhat.com/errata/RHSA-2021:0837

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 7
Via RHSA-2021:0834 https://access.redhat.com/errata/RHSA-2021:0834

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 7
Via RHSA-2021:0835 https://access.redhat.com/errata/RHSA-2021:0835

This issue has been addressed in the following products:
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Via RHSA-2021:0976 https://access.redhat.com/errata/RHSA-2021:0976

This issue has been addressed in the following products:
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
Via RHSA-2021:1050 https://access.redhat.com/errata/RHSA-2021:1050

This issue has been addressed in the following products:
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
Via RHSA-2021:1051 https://access.redhat.com/errata/RHSA-2021:1051

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 7
Via RHSA-2021:2077 https://access.redhat.com/errata/RHSA-2021:2077

This issue has been addressed in the following products:
Red Hat OpenStack Platform 13.0 (Queens)
Via RHSA-2021:2456 https://access.redhat.com/errata/RHSA-2021:2456