An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. Upstream Patch: https://nvd.nist.gov/vuln/detail/CVE-2018-17206
Created openvswitch tracking bugs for this issue: Affects: openstack-rdo [bug 1632529]
I have downgraded the severity after review. This crash would be possible when bundling changes to the OVS flow table, which requires use of the local ovs-vsctl tool by a logged in administrative user, so network and unprivileged didn't quite seem to fit. I have updated the flaw RHOSP edition impacts after reviewing both RHOSP and FDP releases, including the FDP openvswitch2.10 release. RHOSP14 (OVS 2.6.1): openvswitch: - CVE-2018-17206 (vulnerable code present in decode_bundle, lib/ofp-actions.c, offset) RHOSP13 (OVS 2.6.1) openvswitch: - CVE-2018-17206 (vulnerable code present in decode_bundle, lib/ofp-actions.c, offset) - Commonly uses FDP version (2.9.0) RHOSP12 (OVS 2.7.4) openvswitch: - CVE-2018-17206 (vulnerable code present in decode_bundle, lib/ofp-actions.c, offset) - Commonly uses FDP version (2.9.0) RHOSP10 (OVS 2.6.1) openvswitch: - CVE-2018-17206 (vulnerable code present in decode_bundle, lib/ofp-actions.c, offset) - Commonly uses FDP version (2.9.0) RHOSP9 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 9, seems to inherit from RHOS7 tag) - CVE-2018-17206 (vulnerable code present in decode_bundle, in lib/ofp-actions.c) RHOSP8 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 8, seems to inherit from RHOS7 tag) - CVE-2018-17206 (vulnerable code present in decode_bundle, in lib/ofp-actions.c) RHOSP7 ELS (Important flaws only for ELS releases, 2.5.0) - CVE-2018-17206 (vulnerable code present in decode_bundle, in lib/ofp-actions.c, however not high enough severity to meet criteria for ELS) Fast Data Path RHEL-7 (2.9.0) openvswitch: - CVE-2018-17206 (vulnerable code present in decode_bundle, lib/ofp-actions.c, offset) openvswitch2.10: - CVE-2018-17206 (has been fixed, not vulnerable)
Upstream fix: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2018:3500
OpenShift 3.1 to 3.4 included an openvswitch rpm. The node container image (https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/node) includes the patch for this flaw and as per OpenShift Container Platform Tested Integrations (https://access.redhat.com/articles/2176281) customers are advised to use the updated node container.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0053
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0081 https://access.redhat.com/errata/RHSA-2019:0081