An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. Upstream Patch: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
Created openvswitch tracking bugs for this issue: Affects: openstack-rdo [bug 1632523]
Slightly adjusted scoring given the need for privileged access to OVS in order to access the interfaces required. RHOSP14 (OVS 2.6.1): openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP13 (OVS 2.6.1) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP12 (OVS 2.7.4) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP10 (OVS 2.6.1) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP9 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 9, seems to inherit from RHOS7 tag) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP8 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 8, seems to inherit from RHOS7 tag) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP7 ELS (Important fixes only, 2.5.0) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) Fast Data Path RHEL-7 (2.9.0) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) openvswitch2.10: - CVE-2018-17204 (has been fixed, not vulnerable, code moved to lib/ofp-group.c)
This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2018:3500
OpenShift 3.1 to 3.4 included an openvswitch rpm. The node container image (https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/node) includes the patch for this flaw and as per OpenShift Container Platform Tested Integrations (https://access.redhat.com/articles/2176281) customers are advised to use the updated node container.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0053
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0081 https://access.redhat.com/errata/RHSA-2019:0081