Bug 2019692 (CVE-2021-3905) - CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets
Summary: CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch whi...
Keywords:
Status: NEW
Alias: CVE-2021-3905
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2019693 2021652 2021653 2021654 2021655 2021656 2021657 2021658 2022491 2022492 2022493 2022494 2022495 2023644 2023956 2025200 2025201 2025578
Blocks: 2014937
TreeView+ depends on / blocked
 
Reported: 2021-11-03 07:28 UTC by Dhananjay Arunesh
Modified: 2023-07-07 08:32 UTC (History)
29 users (show)

Fixed In Version: openvswitch 2.12
Doc Type: If docs needed, set a value
Doc Text:
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Dhananjay Arunesh 2021-11-03 07:28:55 UTC 
A vulnerability was found in Openvswitch where a memory leak exists during userspace ip fragmentation processing which causes OpenvSwitch to leak packet buffers.

References:
https://github.com/openvswitch/ovs-issues/issues/226
Comment 1 Dhananjay Arunesh 2021-11-03 07:29:21 UTC 
Created openvswitch tracking bugs for this issue:

Affects: fedora-all [bug 2019693]
Comment 2 Mauro Matteo Cascella 2021-11-05 18:48:49 UTC 
Upstream commit:
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
Note You need to log in before you can comment on or make changes to this bug.