Multiple versions of Open vSwitch are vulnerable to crafted LLDP packets causing data underflow attacks. Triggering the vulnerabilities requires LLDP processing to be enabled for a specific port. Open vSwitch versions prior to 2.4.0 are not vulnerable. https://github.com/openvswitch/ovs/pull/405 https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
Created openvswitch tracking bugs for this issue: Affects: fedora-all [bug 2155382]
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 9 Via RHSA-2023:0691 https://access.redhat.com/errata/RHSA-2023:0691
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:0688 https://access.redhat.com/errata/RHSA-2023:0688
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:0685 https://access.redhat.com/errata/RHSA-2023:0685
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:0689 https://access.redhat.com/errata/RHSA-2023:0689
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:0687 https://access.redhat.com/errata/RHSA-2023:0687
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4338