openvswitch: denial of service (CVE-2020-27827)
Multiple versions of Open vSwitch are vulnerable to denial of service attacks in which crafted LLDP packets could cause memory to be lost when allocating data to handle specific optional TLVs. Triggering the vulnerability requires LLDP processing to be enabled for a specific port. Open vSwitch versions before 2.5.x are not vulnerable.
We recommend that users of Open vSwitch apply the included patch, or upgrade to a known patched version of Open vSwitch. These include: