Multiple versions of Open vSwitch are vulnerable to denial of service attacks in which crafted LLDP packets could cause memory to be lost when allocating data to handle specific optional TLVs. Triggering the vulnerability requires LLDP processing to be enabled for a specific port. Open vSwitch versions before 2.5.x are not vulnerable.

References:
https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61

Created lldpd tracking bugs for this issue:
Affects: epel-7 [bug 1921442]
Affects: fedora-all [bug 1921441]

Created openvswitch tracking bugs for this issue:
Affects: fedora-all [bug 1921440]
Affects: openstack-rdo [bug 1921439]

Open vSwitch pull request: https://github.com/openvswitch/ovs/pull/337
Open vSwitch fix: https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0

Statement: Red Hat OpenStack Platform 13's openvswitch package will receive its fixes from Fast Datapath.
External References: https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2021:0497 https://access.redhat.com/errata/RHSA-2021:0497
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27827
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2021:0837 https://access.redhat.com/errata/RHSA-2021:0837
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 7 Via RHSA-2021:0834 https://access.redhat.com/errata/RHSA-2021:0834
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 7 Via RHSA-2021:0835 https://access.redhat.com/errata/RHSA-2021:0835
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2021:0976 https://access.redhat.com/errata/RHSA-2021:0976
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:1050 https://access.redhat.com/errata/RHSA-2021:1050
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:1051 https://access.redhat.com/errata/RHSA-2021:1051
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 7 Via RHSA-2021:2077 https://access.redhat.com/errata/RHSA-2021:2077
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2021:2456 https://access.redhat.com/errata/RHSA-2021:2456