Bug 1921438 (CVE-2020-27827) - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak
Status: CLOSED ERRATA
Alias: CVE-2020-27827
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1921442 1921439 1921440 1921441 1922068 1922069 1922070 1922439 1922440 1923221 1923222 1923223 1923224 1923225 1923226 1923227 1923228 1923229 1924956
Blocks: 1921443 1939725
Reported: 2021-01-28 02:00 UTC by Pedro Sampaio
Modified: 2023-09-22 09:20 UTC
CC List: 43 users

Fixed In Version: lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9
Doc Text:
A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Last Closed: 2021-02-11 16:10:19 UTC

Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2021:2520  0        None      None    None     2021-06-22 13:00:46 UTC
Red Hat Product Errata  RHSA-2021:0497  0        None      None    None     2021-02-11 14:52:16 UTC
Red Hat Product Errata  RHSA-2021:0834  0        None      None    None     2021-03-15 14:35:11 UTC
Red Hat Product Errata  RHSA-2021:0835  0        None      None    None     2021-03-15 14:35:42 UTC
Red Hat Product Errata  RHSA-2021:0837  0        None      None    None     2021-03-15 14:33:37 UTC
Red Hat Product Errata  RHSA-2021:0976  0        None      None    None     2021-03-23 18:51:43 UTC
Red Hat Product Errata  RHSA-2021:2456  0        None      None    None     2021-06-16 10:57:43 UTC

Description Pedro Sampaio 2021-01-28 02:00:58 UTC
Multiple versions of Open vSwitch are vulnerable to denial of service
attacks in which crafted LLDP packets could cause memory to be lost
when allocating data to handle specific optional TLVs.  Triggering the
vulnerability requires LLDP processing to be enabled for a specific
port.  Open vSwitch versions before 2.5.x are not vulnerable.

References:

https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61

Comment 1 Pedro Sampaio 2021-01-28 02:02:03 UTC
Created lldpd tracking bugs for this issue:

Affects: epel-7 [bug 1921442]
Affects: fedora-all [bug 1921441]


Created openvswitch tracking bugs for this issue:

Affects: fedora-all [bug 1921440]
Affects: openstack-rdo [bug 1921439]

Comment 4 Mauro Matteo Cascella 2021-01-29 17:51:30 UTC
Open vSwitch pull request:
https://github.com/openvswitch/ovs/pull/337

Open vSwitch fix:
https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0

Comment 8 Anten Skrabec 2021-02-09 22:16:21 UTC
Statement:

Red Hat OpenStack Platform 13's openvswitch package will receive its fixes from Fast Datapath.

Comment 9 Anten Skrabec 2021-02-09 22:16:45 UTC
External References:

https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html

Comment 11 errata-xmlrpc 2021-02-11 14:52:13 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2021:0497 https://access.redhat.com/errata/RHSA-2021:0497

Comment 12 Product Security DevOps Team 2021-02-11 16:10:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27827

Comment 13 errata-xmlrpc 2021-03-15 14:33:31 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2021:0837 https://access.redhat.com/errata/RHSA-2021:0837

Comment 14 errata-xmlrpc 2021-03-15 14:35:08 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 7

Via RHSA-2021:0834 https://access.redhat.com/errata/RHSA-2021:0834

Comment 15 errata-xmlrpc 2021-03-15 14:35:38 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 7

Via RHSA-2021:0835 https://access.redhat.com/errata/RHSA-2021:0835

Comment 16 errata-xmlrpc 2021-03-23 18:51:43 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2021:0976 https://access.redhat.com/errata/RHSA-2021:0976

Comment 17 errata-xmlrpc 2021-03-31 12:57:00 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:1050 https://access.redhat.com/errata/RHSA-2021:1050

Comment 18 errata-xmlrpc 2021-03-31 12:57:39 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:1051 https://access.redhat.com/errata/RHSA-2021:1051

Comment 19 errata-xmlrpc 2021-05-20 19:30:12 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 7

Via RHSA-2021:2077 https://access.redhat.com/errata/RHSA-2021:2077

Comment 20 errata-xmlrpc 2021-06-16 10:57:37 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2021:2456 https://access.redhat.com/errata/RHSA-2021:2456

