Bug 2130577 (CVE-2022-32166) - CVE-2022-32166 openvswitch: Heap buffer over-read in flow.c
Summary: CVE-2022-32166 openvswitch: Heap buffer over-read in flow.c
Keywords:
Status: NEW
Alias: CVE-2022-32166
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2130578 2132865
Blocks: 2130579
Reported: 2022-09-28 13:47 UTC by Pedro Sampaio
Modified: 2023-07-07 08:32 UTC

Fixed In Version: openvswitch 2.5.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Open vSwitch. Versions 0.90.0 through 2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, modifying memory, and remote execution.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Pedro Sampaio 2022-09-28 13:47:50 UTC
ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

References:

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

Comment 1 Pedro Sampaio 2022-09-28 13:48:09 UTC
Created openvswitch tracking bugs for this issue:

Affects: fedora-all [bug 2130578]

Comment 3 zhijianli88 2023-04-24 08:09:33 UTC
(In reply to Pedro Sampaio from comment #0)
> In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer
> over-read in flow.c. An unsafe comparison of “minimasks” function could lead
> access to an unmapped region of memory. This vulnerability is capable of
> crashing the software, memory modification, and possible remote execution.
> 
> References:
> 
> https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

I looked into ovs 2.0.0 and 2.4.0; it's believed this vulnerability does not impact these 2 versions.

