Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 678
    • Issues 678
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 154
    • Merge Requests 154
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #12422

Closed
Open
Opened Feb 11, 2021 by Alicha CH@alichaReporter2 of 2 tasks completed2/2 tasks

openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

Multiple versions of Open vSwitch are vulnerable to potential problems like denial of service attacks, in which crafted network packets could cause the packet lookup to ignore network header fields from layers 3 and 4.

Both kernel and userspace datapaths are affected, including DPDK enabled Open vSwitch (OVS-DPDK) as an example of the latter.

The crafted network packet is an ordinary IPv4 or IPv6 packet with Ethernet padding length above 255 bytes. This causes the packet sanity check to abort parsing header fields after layer 2.

When that situation happens, the classifier will use an unexpected set of header fields. This could cause the packet lookup to either match on unintended flows or return the default table miss action 'drop'.

As a consequence, the datapath can be instructed to match on an incorrect range of packets with an action to drop them, for example. Further legit traffic could hit the cached flow preventing it to expire extending the situation.

Fixed In Version:

openvswitch 2.14.2, 2.13.3, 2.12.3, 2.11.6, 2.10.7, 2.9.9, 2.8.11, 2.7.13, 2.6.10, 2.5.12

Reference:

https://www.openwall.com/lists/oss-security/2021/02/10/4

Patch:

https://github.com/openvswitch/ovs/commit/53c1b8b166f3dd217bc391d707885f789e9ecc49 (2.12)

Affected branches:

  • master
  • 3.13-stable
Edited Feb 11, 2021 by Leo
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#12422