2019692 – (CVE-2021-3905) CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

Bug 2019692 (CVE-2021-3905) - CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

Summary: CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch whi...

Keywords:
Status:	NEW
Alias:	CVE-2021-3905
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2019693 2021652 2021653 2021654 2021655 2021656 2021657 2021658 2022491 2022492 2022493 2022494 2022495 2023644 2023956 2025200 2025201 2025578
Blocks:	2014937
TreeView+	depends on / blocked

Reported:	2021-11-03 07:28 UTC by Dhananjay Arunesh
Modified:	2023-07-07 08:32 UTC (History)
CC List:	29 users (show)
Fixed In Version:	openvswitch 2.12
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2021-11-03 07:28:55 UTC

A vulnerability was found in Openvswitch where a memory leak exists during userspace ip fragmentation processing which causes OpenvSwitch to leak packet buffers.

References:
https://github.com/openvswitch/ovs-issues/issues/226

Comment 1 Dhananjay Arunesh 2021-11-03 07:29:21 UTC

Created openvswitch tracking bugs for this issue:

Affects: fedora-all [bug 2019693]

Comment 2 Mauro Matteo Cascella 2021-11-05 18:48:49 UTC

Upstream commit:
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

Note You need to log in before you can comment on or make changes to this bug.

aconole
apevec
bmontgom
chrisw
ctrautma
dbecker
eparis
fleitner
jburrell
jhsiao
jjoyce
jschluet
lhh
lpeer
mburns
michal.skrivanek
mperina
nstielau
ovs-qe
ovs-team
ralongi
rhos-maint
rkhan
sclewis
slinaber
sponnaga
tgraf
tredaelli
vkumar