By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. This vulnerability may also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81, which could lead to remote code execution. All Neutron deployments are affected. References: https://launchpad.net/bugs/1939733
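The description above comes down to a line-oriented configuration file being built from tenant-controlled strings. The following is an added illustration written for this page, not Neutron's own code or its upstream fix: it assumes (as Neutron's DHCP agent does, to the author's knowledge) that per-port options are written to a dnsmasq opts file as one `tag:<port_tag>,option:<name>,<value>` entry per line, and shows the input check a defender wants at the API or agent layer: any option name or value that contains a line break is rejected before it is rendered, so a single option can never become two configuration lines, whatever dnsmasq version parses the file afterwards. The sample options below are constructed for the example.

```python
import re

# Any line terminator inside a field would let one extra_dhcp_opts entry span
# more than one line of the dnsmasq opts file. (Design choice for this example:
# reject the field outright rather than try to escape it.)
_LINE_BREAK = re.compile(r"[\r\n]")

# Constructed sample input: the shape Neutron's API uses for extra_dhcp_opts.
SAMPLE_GOOD = [
    {"opt_name": "router", "opt_value": "10.0.0.1"},
    {"opt_name": "dns-server", "opt_value": "10.0.0.2"},
]
SAMPLE_BAD = [
    # An embedded newline followed by a harmless placeholder; with unchecked
    # rendering this becomes a second, attacker-chosen line in the opts file.
    {"opt_name": "router", "opt_value": "10.0.0.1\n# constructed second line"},
]


def check_extra_dhcp_opts(opts):
    """Return a list of validation errors (empty when every option is safe)."""
    errors = []
    for idx, opt in enumerate(opts):
        for field in ("opt_name", "opt_value"):
            text = opt.get(field)
            if text is None:
                continue  # opt_value may legitimately be absent/None
            if not isinstance(text, str):
                errors.append(f"opts[{idx}].{field}: must be a string")
            elif _LINE_BREAK.search(text):
                errors.append(f"opts[{idx}].{field}: line breaks are not allowed")
    return errors


def render_unchecked(port_tag, opts):
    """Naive rendering: every option is trusted. Shown only to make the
    defect visible; do not use this form."""
    lines = [f"tag:{port_tag},option:{o['opt_name']},{o['opt_value']}" for o in opts]
    return "\n".join(lines) + "\n"


def render_opts_file(port_tag, opts):
    """Hardened rendering: refuse to build the file if any option fails the check."""
    errors = check_extra_dhcp_opts(opts)
    if errors:
        raise ValueError("; ".join(errors))
    return render_unchecked(port_tag, opts)


def config_line_count(text):
    """Number of dnsmasq configuration lines a rendered opts file contains."""
    return len([line for line in text.splitlines() if line.strip()])


if __name__ == "__main__":
    print(render_opts_file("port-a", SAMPLE_GOOD), end="")
    print("unchecked bad input yields", config_line_count(render_unchecked("port-a", SAMPLE_BAD)), "lines")
    print("checked bad input errors:", check_extra_dhcp_opts(SAMPLE_BAD))
```

Rejecting the value instead of escaping it is deliberate: dnsmasq's opts-file syntax has no quoting construct that a renderer can rely on, so the only robust defence is to keep the field to a single line. The same check belongs in any other code path that turns per-tenant data into a line-based daemon configuration.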
Created openstack-neutron tracking bugs for this issue: Affects: openstack-rdo [bug 1999832]
*** Bug 1997808 has been marked as a duplicate of this bug. ***
Upstream patches: https://review.opendev.org/806750 (Ussuri) https://review.opendev.org/806749 (Victoria) https://review.opendev.org/806748 (Wallaby) https://review.opendev.org/806746 (Xena)
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2021:3481 https://access.redhat.com/errata/RHSA-2021:3481
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-40085
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2021:3502 https://access.redhat.com/errata/RHSA-2021:3502
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 - ELS Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2021:3503 https://access.redhat.com/errata/RHSA-2021:3503
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2021:3488 https://access.redhat.com/errata/RHSA-2021:3488