1995273 – (CVE-2021-38598) CVE-2021-38598 openstack-neutron: Linuxbridge ARP filter bypass on Netfilter platforms

Bug 1995273 (CVE-2021-38598) - CVE-2021-38598 openstack-neutron: Linuxbridge ARP filter bypass on Netfilter platforms

Summary: CVE-2021-38598 openstack-neutron: Linuxbridge ARP filter bypass on Netfilter ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2021-38598
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1995274
TreeView+	depends on / blocked

Reported:	2021-08-18 17:32 UTC by Pedro Sampaio
Modified:	2021-09-22 12:53 UTC (History)
CC List:	13 users (show)
Fixed In Version:	neutron 16.4.1, neutron 17.1.3
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in neutron's Linux bridge driver on newer Netfilter-based platforms. This flaw allows a malicious user in control of a server instance connected to the virtual switch to send a crafted packet and impersonate hardware addresses of other systems on the network. The highest threat from this vulnerability is to system availability, but could also result in the interception of traffic intended for other destinations.
Clone Of:
Environment:
Last Closed:	2021-08-23 03:34:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-08-18 17:32:14 UTC

===================================================================
OSSA-2021-004: Linuxbridge ARP filter bypass on Netfilter platforms
===================================================================

:Date: August 17, 2021
:CVE: CVE-2021-38598


Affects
~~~~~~~
- Neutron: <16.4.1, >=17.0.0 <17.1.3, ==18.0.0


Description
~~~~~~~~~~~
Jake Yip with ARDC and Justin Mammarella with the University of
Melbourne reported a vulnerability in Neutron's linuxbridge driver
on newer Netfilter-based platforms (the successor to IPTables). By
sending carefully crafted packets, anyone in control of a server
instance connected to the virtual switch can impersonate the
hardware addresses of other systems on the network, resulting in
denial of service or in some cases possibly interception of traffic
intended for other destinations. Only deployments using the
linuxbridge driver with ebtables-nft are affected.


Patches
~~~~~~~
- https://review.opendev.org/804058 (Train)
- https://review.opendev.org/804057 (Ussuri)
- https://review.opendev.org/804056 (Victoria)
- https://review.opendev.org/785917 (Wallaby)
- https://review.opendev.org/785177 (Xena)


Credits
~~~~~~~
- Jake Yip from ARDC (CVE-2021-38598)
- Justin Mammarella from University of Melbourne (CVE-2021-38598)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1938670
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38598


Notes
~~~~~
- The stable/train branch is under extended maintenance and will
  receive no new point releases, but a patch for it is provided as a
  courtesy.

-- 
Jeremy Stanley

References:

https://seclists.org/oss-sec/2021/q3/107

Comment 1 Product Security DevOps Team 2021-08-23 03:34:53 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-38598

Note You need to log in before you can comment on or make changes to this bug.