Bug 2130577 (CVE-2022-32166)

Summary: CVE-2022-32166 openvswitch: Heap buffer over-read in flow.c
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: aconole, amusil, apevec, chrisw, ctrautma, echaudro, eglynn, fleitner, jburrell, jhsiao, jjoyce, lhh, mburns, mgarciac, michal.skrivanek, mperina, ovs-qe, ovs-team, ralongi, rhos-maint, rkhan, spower, tgraf, tredaelli, zhijianli88
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: openvswitch 2.5.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Open vSwitch. Versions 0.90.0 through 2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability can result in a crash of the software, memory modification, and remote execution.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2130578, 2132865
Bug Blocks: 2130579

Description Pedro Sampaio 2022-09-28 13:47:50 UTC
ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

References:

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

Comment 1 Pedro Sampaio 2022-09-28 13:48:09 UTC
Created openvswitch tracking bugs for this issue:

Affects: fedora-all [bug 2130578]

Comment 3 zhijianli88 2023-04-24 08:09:33 UTC
(In reply to Pedro Sampaio from comment #0)
> In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer
> over-read in flow.c. An unsafe comparison of “minimasks” function could lead
> access to an unmapped region of memory. This vulnerability is capable of
> crashing the software, memory modification, and possible remote execution.
> 
> References:
> 
> https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

I looked into ovs 2.0.0 and 2.4.0; it's believed this vulnerability does not impact these 2 versions.