Action not permitted
Modal body text goes here.
cve-2022-0669
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-0669 | Third Party Advisory | |
secalert@redhat.com | https://bugs.dpdk.org/show_bug.cgi?id=922 | Patch, Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 | Patch, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2022-0669 | Patch, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DPDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-29T14:03:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DPDK", "version": { "version_data": [ { "version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 - Uncontrolled Resource Consumption." } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "name": "https://bugs.dpdk.org/show_bug.cgi?id=922", "refsource": "MISC", "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227", "refsource": "MISC", "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "name": "https://access.redhat.com/security/cve/CVE-2022-0669", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-0669", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0669", "datePublished": "2022-08-29T14:03:04", "dateReserved": "2022-02-17T00:00:00", "dateUpdated": "2024-08-02T23:32:46.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-0669\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-29T15:15:09.750\",\"lastModified\":\"2022-09-01T20:35:47.027\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en dpdk. Este fallo permite a un vhost-user master malicioso adjuntar un n\u00famero inesperado de fds como datos auxiliares a los mensajes VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD que no son cerrados por el vhost-user slave. Al enviar dichos mensajes continuamente, el maestro vhost-user agota los fd disponibles en el proceso esclavo vhost-user, conllevando a una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.02\",\"versionEndExcluding\":\"22.03\",\"matchCriteriaId\":\"00189B34-1D41-4AE8-988A-65013F529ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54C8537-09ED-447B-A677-C1B31CD43BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D64C9BE-1254-4E55-A4B9-BE0059E4AC88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F76795-E087-4163-8803-2DFA0571F720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F057C6ED-3DC1-41AD-A982-3DBA9FFBDC83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65AF826-2336-48B7-A364-BEAC013CA4BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0AB20E-A20A-4087-B944-6A1B6E7E936B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0E6108-A040-4749-85A6-C1DA127F482A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"844676DA-EA6F-4DA7-8248-6AD0139CC919\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"905886CA-734C-4988-8882-664826DFFEC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B5C7BBB-D091-4A58-9316-AECF82506865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.dpdk.org/show_bug.cgi?id=922\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2055793\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2022-0669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
var-202204-2114
Vulnerability from variot
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK of data plane development kit Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state.
The oldstable distribution (buster) is not affected.
For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dpdk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8 TjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB VZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq Vz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J /GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP 0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P 1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4 eEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi LlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS BRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv 7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS Yv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM= =cq6B -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5401-1 May 04, 2022
dpdk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in DPDK.
Software Description: - dpdk: set of libraries for fast packet processing
Details:
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3839)
It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service. (CVE-2022-0669)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: dpdk 21.11.1-0ubuntu0.3
Ubuntu 21.10: dpdk 20.11.5-0ubuntu1
Ubuntu 20.04 LTS: dpdk 19.11.12-0ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.15 security update Advisory ID: RHSA-2022:4787-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2022:4787 Issue date: 2022-05-27 CVE Names: CVE-2021-3839 CVE-2022-0669 =====================================================================
- Summary:
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
-
openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
-
openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.
- Bugs fixed (https://bugzilla.redhat.com/):
2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS 2070343 - Failed to read database with dns hostname address 2080271 - [22.D RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source: openvswitch2.15-2.15.0-99.el8fdp.src.rpm
aarch64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
noarch: openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
ppc64le: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
s390x: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
x86_64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3839 https://access.redhat.com/security/cve/CVE-2022-0669 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u 9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/ rhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF G76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm H9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl sA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC 34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g lqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy Bs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft 2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS GOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L 5WnVACaEc60= =WSAK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-2114", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "data plane development kit", "scope": "eq", "trust": 1.0, "vendor": "dpdk", "version": "19.11" }, { "model": "data plane development kit", "scope": "eq", "trust": 1.0, "vendor": "dpdk", "version": "22.03" }, { "model": "openvswitch", "scope": "eq", "trust": 1.0, "vendor": "openvswitch", "version": "2.15.0" }, { "model": "data plane development kit", "scope": "gte", "trust": 1.0, "vendor": "dpdk", "version": "20.02" }, { "model": "openvswitch", "scope": "eq", "trust": 1.0, "vendor": "openvswitch", "version": "2.13.0" }, { "model": "data plane development kit", "scope": "lt", "trust": 1.0, "vendor": "dpdk", "version": "22.03" }, { "model": "red hat openshift container platform", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "data plane development kit", "scope": null, "trust": 0.8, "vendor": "dpdk", "version": null }, { "model": "open vswitch", "scope": null, "trust": 0.8, "vendor": "open vswitch", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "NVD", "id": "CVE-2022-0669" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.03", "versionStartIncluding": "20.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-0669" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "167299" }, { "db": "PACKETSTORM", "id": "167294" }, { "db": "PACKETSTORM", "id": "167298" } ], "trust": 0.3 }, "cve": "CVE-2022-0669", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.0, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-0669", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-0669", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202204-4638", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "NVD", "id": "CVE-2022-0669" }, { "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK of data plane development kit Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. \n\nThe oldstable distribution (buster) is not affected. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 20.11.5-1~deb11u1. \n\nWe recommend that you upgrade your dpdk packages. \n\nFor the detailed security status of dpdk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dpdk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8\nTjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB\nVZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq\nVz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J\n/GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP\n0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P\n1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4\neEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi\nLlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS\nBRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv\n7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS\nYv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM=\n=cq6B\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5401-1\nMay 04, 2022\n\ndpdk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in DPDK. \n\nSoftware Description:\n- dpdk: set of libraries for fast packet processing\n\nDetails:\n\nWenxiang Qian discovered that DPDK incorrectly checked certain payloads. An\nattacker could use this issue to cause DPDK to crash, resulting in a denial\nof service, or possibly execute arbitrary code. (CVE-2021-3839)\n\nIt was discovered that DPDK incorrectly handled inflight type messages. An\nattacker could possibly use this issue to cause DPDK to consume resources,\nleading to a denial of service. (CVE-2022-0669)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n dpdk 21.11.1-0ubuntu0.3\n\nUbuntu 21.10:\n dpdk 20.11.5-0ubuntu1\n\nUbuntu 20.04 LTS:\n dpdk 19.11.12-0ubuntu0.20.04.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openvswitch2.15 security update\nAdvisory ID: RHSA-2022:4787-01\nProduct: Fast Datapath\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4787\nIssue date: 2022-05-27\nCVE Names: CVE-2021-3839 CVE-2022-0669 \n=====================================================================\n\n1. Summary:\n\nAn update for openvswitch2.15 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nFast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nSecurity Fix(es):\n\n* openvswitch2.15: DPDK: Out-of-bounds read/write in\nvhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could\nlead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.15 are advised to upgrade to these updated packages,\nwhich fix these bugs. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash\n2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS\n2070343 - Failed to read database with dns hostname address\n2080271 - [22.D RHEL-8] Fast Datapath Release\n\n6. Package List:\n\nFast Datapath for Red Hat Enterprise Linux 8:\n\nSource:\nopenvswitch2.15-2.15.0-99.el8fdp.src.rpm\n\naarch64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\n\nnoarch:\nopenvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm\n\nppc64le:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\n\ns390x:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\n\nx86_64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3839\nhttps://access.redhat.com/security/cve/CVE-2022-0669\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u\n9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/\nrhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF\nG76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm\nH9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl\nsA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC\n34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g\nlqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy\nBs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft\n2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS\nGOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L\n5WnVACaEc60=\n=WSAK\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2022-0669" }, { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "VULHUB", "id": "VHN-415255" }, { "db": "VULMON", "id": "CVE-2022-0669" }, { "db": "PACKETSTORM", "id": "169321" }, { "db": "PACKETSTORM", "id": "167299" }, { "db": "PACKETSTORM", "id": "166960" }, { "db": "PACKETSTORM", "id": "167294" }, { "db": "PACKETSTORM", "id": "167298" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-0669", "trust": 3.9 }, { "db": "PACKETSTORM", "id": "166960", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "167299", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-016014", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.3284", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2695", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022052515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022053026", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-4638", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "167294", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167298", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-415255", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-0669", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169321", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415255" }, { "db": "VULMON", "id": "CVE-2022-0669" }, { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "PACKETSTORM", "id": "169321" }, { "db": "PACKETSTORM", "id": "167299" }, { "db": "PACKETSTORM", "id": "166960" }, { "db": "PACKETSTORM", "id": "167294" }, { "db": "PACKETSTORM", "id": "167298" }, { "db": "NVD", "id": "CVE-2022-0669" }, { "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "id": "VAR-202204-2114", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415255" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:34:19.626000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DPDK Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194046" }, { "title": "Debian CVElist Bug Report Logs: dpdk: CVE-2021-3839 and CVE-2022-0669", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b8bc18397e85f273082ea70c4090f82d" }, { "title": "Ubuntu Security Notice: USN-5401-1: DPDK vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5401-1" }, { "title": "Debian Security Advisories: DSA-5130-1 dpdk -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c1652914039a5559306521c55fe28d7e" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0669" }, { "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "NVD", "id": "CVE-2022-0669" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://access.redhat.com/security/cve/cve-2022-0669" }, { "trust": 2.5, "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "trust": 2.5, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "trust": 2.5, "url": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "trust": 2.5, "url": "https://security-tracker.debian.org/tracker/cve-2022-0669" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0669" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022052515" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-0669/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167299/red-hat-security-advisory-2022-4786-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3284" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166960/ubuntu-security-notice-usn-5401-1.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/dpdk-overload-via-inflight-type-messages-38252" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022053026" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2695" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3839" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3839" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://ubuntu.com/security/notices/usn-5401-1" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010641" }, { "trust": 0.1, "url": "https://www.debian.org/security/2022/dsa-5130" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/dpdk" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4786" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/dpdk/21.11.1-0ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/dpdk/20.11.5-0ubuntu1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/dpdk/19.11.12-0ubuntu0.20.04.1" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4787" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4788" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415255" }, { "db": "VULMON", "id": "CVE-2022-0669" }, { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "PACKETSTORM", "id": "169321" }, { "db": "PACKETSTORM", "id": "167299" }, { "db": "PACKETSTORM", "id": "166960" }, { "db": "PACKETSTORM", "id": "167294" }, { "db": "PACKETSTORM", "id": "167298" }, { "db": "NVD", "id": "CVE-2022-0669" }, { "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415255" }, { "db": "VULMON", "id": "CVE-2022-0669" }, { "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "db": "PACKETSTORM", "id": "169321" }, { "db": "PACKETSTORM", "id": "167299" }, { "db": "PACKETSTORM", "id": "166960" }, { "db": "PACKETSTORM", "id": "167294" }, { "db": "PACKETSTORM", "id": "167298" }, { "db": "NVD", "id": "CVE-2022-0669" }, { "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULHUB", "id": "VHN-415255" }, { "date": "2023-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "date": "2022-05-28T19:12:00", "db": "PACKETSTORM", "id": "169321" }, { "date": "2022-05-30T14:06:20", "db": "PACKETSTORM", "id": "167299" }, { "date": "2022-05-04T21:43:23", "db": "PACKETSTORM", "id": "166960" }, { "date": "2022-05-30T13:56:31", "db": "PACKETSTORM", "id": "167294" }, { "date": "2022-05-30T14:05:41", "db": "PACKETSTORM", "id": "167298" }, { "date": "2022-08-29T15:15:09.750000", "db": "NVD", "id": "CVE-2022-0669" }, { "date": "2022-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-01T00:00:00", "db": "VULHUB", "id": "VHN-415255" }, { "date": "2023-09-29T08:07:00", "db": "JVNDB", "id": "JVNDB-2022-016014" }, { "date": "2022-09-01T20:35:47.027000", "db": "NVD", "id": "CVE-2022-0669" }, { "date": "2022-09-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-4638" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-4638" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DPDK\u00a0 of \u00a0data\u00a0plane\u00a0development\u00a0kit\u00a0 Vulnerabilities in Products from Other Vendors", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016014" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-4638" } ], "trust": 0.6 } }
rhsa-2022_4788
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openvswitch2.16 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.\n\nSecurity Fix(es):\n\n* openvswitch2.16: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.16: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4788", "url": "https://access.redhat.com/errata/RHSA-2022:4788" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "2055097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055097" }, { "category": "external", "summary": "2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "2080273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080273" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4788.json" } ], "title": "Red Hat Security Advisory: openvswitch2.16 security update", "tracking": { "current_release_date": "2024-11-06T00:57:08+00:00", "generator": { "date": "2024-11-06T00:57:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:4788", "initial_release_date": "2022-05-27T19:03:04+00:00", "revision_history": [ { "date": "2022-05-27T19:03:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-27T19:03:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:57:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product": { "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath" } } } ], "category": "product_family", "name": "Fast Datapath" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_id": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.16@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_id": "openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "product_id": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-devel@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "product_id": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-ipsec@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_id": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "product_id": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debugsource@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product_id": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product_id": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_id": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.16@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_id": "openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "product_id": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-devel@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "product_id": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-ipsec@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_id": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "product_id": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debugsource@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product_id": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product_id": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_id": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.16@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_id": "openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "product_id": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-devel@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "product_id": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-ipsec@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_id": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "product_id": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debugsource@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product_id": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product_id": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_id": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.16@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_id": "openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "product": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "product_id": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-devel@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "product": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "product_id": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-ipsec@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_id": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "product": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "product_id": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debugsource@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product_id": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product_id": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.16-debuginfo@2.16.0-74.el8fdp?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.16-0:2.16.0-74.el8fdp.src", "product": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.src", "product_id": "openvswitch2.16-0:2.16.0-74.el8fdp.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16@2.16.0-74.el8fdp?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "product": { "name": "openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "product_id": "openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.16-test@2.16.0-74.el8fdp?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.src as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src" }, "product_reference": "openvswitch2.16-0:2.16.0-74.el8fdp.src", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch" }, "product_reference": "openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Wenxiang Qian \u003cleonwxqian@gmail.com\u003e" ] } ], "cve": "CVE-2021-3839", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2025882" } ], "notes": [ { "category": "description", "text": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect Red Hat Ceph Storage 3 and 4 as dpdk (embedded in ceph source rpm) is not built in the packages, therefore the vulnerable code is not available in the resulting RPM and the issue cannot be exploited.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3839" }, { "category": "external", "summary": "RHBZ#2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3839", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:03:04+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4788" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash" }, { "acknowledgments": [ { "names": [ "Cheng Jiang" ], "organization": "DPDK security team", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-0669", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2055793" } ], "notes": [ { "category": "description", "text": "A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "dpdk: sending vhost-user-inflight type messages could lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-debugsource-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-devel-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-ipsec-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.16-test-0:2.16.0-74.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-0:2.16.0-74.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.16-debuginfo-0:2.16.0-74.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "category": "external", "summary": "RHBZ#2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0669", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0669" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:03:04+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4788" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.16-0:2.16.0-74.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dpdk: sending vhost-user-inflight type messages could lead to DoS" } ] }
rhsa-2022_4786
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openvswitch2.13 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.\n\nSecurity Fix(es):\n\n* openvswitch2.13: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.13: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4786", "url": "https://access.redhat.com/errata/RHSA-2022:4786" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "2080270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080270" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4786.json" } ], "title": "Red Hat Security Advisory: openvswitch2.13 security update", "tracking": { "current_release_date": "2024-11-06T00:57:16+00:00", "generator": { "date": "2024-11-06T00:57:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:4786", "initial_release_date": "2022-05-27T19:03:06+00:00", "revision_history": [ { "date": "2022-05-27T19:03:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-27T19:03:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:57:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product": { "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath" } } } ], "category": "product_family", "name": "Fast Datapath" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_id": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.13@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_id": "openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "product_id": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-devel@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "product_id": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-ipsec@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_id": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "product_id": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debugsource@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product_id": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product_id": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_id": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.13@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_id": "openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "product_id": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-devel@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "product_id": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-ipsec@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_id": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "product_id": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debugsource@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product_id": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product_id": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_id": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.13@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_id": "openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "product_id": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-devel@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "product_id": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-ipsec@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_id": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "product_id": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debugsource@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product_id": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product_id": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_id": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.13@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_id": "openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "product": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "product_id": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-devel@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "product": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "product_id": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-ipsec@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_id": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "product": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "product_id": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debugsource@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product_id": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product_id": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.13-debuginfo@2.13.0-180.el8fdp?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.13-0:2.13.0-180.el8fdp.src", "product": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.src", "product_id": "openvswitch2.13-0:2.13.0-180.el8fdp.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13@2.13.0-180.el8fdp?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "product": { "name": "openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "product_id": "openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.13-test@2.13.0-180.el8fdp?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.src as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src" }, "product_reference": "openvswitch2.13-0:2.13.0-180.el8fdp.src", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch" }, "product_reference": "openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Wenxiang Qian \u003cleonwxqian@gmail.com\u003e" ] } ], "cve": "CVE-2021-3839", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2025882" } ], "notes": [ { "category": "description", "text": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect Red Hat Ceph Storage 3 and 4 as dpdk (embedded in ceph source rpm) is not built in the packages, therefore the vulnerable code is not available in the resulting RPM and the issue cannot be exploited.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3839" }, { "category": "external", "summary": "RHBZ#2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3839", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:03:06+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.13 are advised to upgrade to these updated packages, which fix these bugs.", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4786" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash" }, { "acknowledgments": [ { "names": [ "Cheng Jiang" ], "organization": "DPDK security team", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-0669", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2055793" } ], "notes": [ { "category": "description", "text": "A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "dpdk: sending vhost-user-inflight type messages could lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-debugsource-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-devel-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-ipsec-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.13-test-0:2.13.0-180.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-0:2.13.0-180.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.13-debuginfo-0:2.13.0-180.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "category": "external", "summary": "RHBZ#2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0669", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0669" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:03:06+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.13 are advised to upgrade to these updated packages, which fix these bugs.", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4786" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.13-0:2.13.0-180.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dpdk: sending vhost-user-inflight type messages could lead to DoS" } ] }
rhsa-2022_4787
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openvswitch2.15 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.\n\nSecurity Fix(es):\n\n* openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4787", "url": "https://access.redhat.com/errata/RHSA-2022:4787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "2070343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070343" }, { "category": "external", "summary": "2080271", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080271" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4787.json" } ], "title": "Red Hat Security Advisory: openvswitch2.15 security update", "tracking": { "current_release_date": "2024-11-06T00:56:59+00:00", "generator": { "date": "2024-11-06T00:56:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:4787", "initial_release_date": "2022-05-27T19:02:46+00:00", "revision_history": [ { "date": "2022-05-27T19:02:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-27T19:02:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:56:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product": { "name": "Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath" } } } ], "category": "product_family", "name": "Fast Datapath" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_id": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.15@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_id": "openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "product_id": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-devel@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "product_id": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-ipsec@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_id": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "product_id": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debugsource@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product_id": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=x86_64" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product_id": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_id": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.15@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_id": "openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "product_id": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-devel@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "product_id": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-ipsec@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_id": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "product_id": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debugsource@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product_id": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product_id": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_id": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.15@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_id": "openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "product_id": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-devel@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "product_id": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-ipsec@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_id": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "product_id": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debugsource@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product_id": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=aarch64" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product_id": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_id": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/network-scripts-openvswitch2.15@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_id": "openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "product": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "product_id": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-devel@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "product": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "product_id": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-ipsec@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_id": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "product": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "product_id": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debugsource@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product_id": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=s390x" } } }, { "category": "product_version", "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product_id": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-openvswitch2.15-debuginfo@2.15.0-99.el8fdp?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.15-0:2.15.0-99.el8fdp.src", "product": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.src", "product_id": "openvswitch2.15-0:2.15.0-99.el8fdp.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15@2.15.0-99.el8fdp?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "product": { "name": "openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "product_id": "openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch2.15-test@2.15.0-99.el8fdp?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.src as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src" }, "product_reference": "openvswitch2.15-0:2.15.0-99.el8fdp.src", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch" }, "product_reference": "openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64" }, "product_reference": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le" }, "product_reference": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x" }, "product_reference": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "relates_to_product_reference": "8Base-Fast-Datapath" }, { "category": "default_component_of", "full_product_name": { "name": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 8", "product_id": "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" }, "product_reference": "python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "relates_to_product_reference": "8Base-Fast-Datapath" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Wenxiang Qian \u003cleonwxqian@gmail.com\u003e" ] } ], "cve": "CVE-2021-3839", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2025882" } ], "notes": [ { "category": "description", "text": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect Red Hat Ceph Storage 3 and 4 as dpdk (embedded in ceph source rpm) is not built in the packages, therefore the vulnerable code is not available in the resulting RPM and the issue cannot be exploited.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3839" }, { "category": "external", "summary": "RHBZ#2025882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3839", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:02:46+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4787" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash" }, { "acknowledgments": [ { "names": [ "Cheng Jiang" ], "organization": "DPDK security team", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-0669", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2055793" } ], "notes": [ { "category": "description", "text": "A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "dpdk: sending vhost-user-inflight type messages could lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ], "known_not_affected": [ "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:network-scripts-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-debugsource-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-devel-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-ipsec-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:openvswitch2.15-test-0:2.15.0-99.el8fdp.noarch", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-0:2.15.0-99.el8fdp.x86_64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:python3-openvswitch2.15-debuginfo-0:2.15.0-99.el8fdp.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "category": "external", "summary": "RHBZ#2055793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0669", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0669" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669" } ], "release_date": "2022-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-27T19:02:46+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.", "product_ids": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.aarch64", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.ppc64le", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.s390x", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.src", "8Base-Fast-Datapath:openvswitch2.15-0:2.15.0-99.el8fdp.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dpdk: sending vhost-user-inflight type messages could lead to DoS" } ] }
ghsa-4vw6-hh56-rxvj
Vulnerability from github
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
{ "affected": [], "aliases": [ "CVE-2022-0669" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-08-29T15:15:00Z", "severity": "MODERATE" }, "details": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.", "id": "GHSA-4vw6-hh56-rxvj", "modified": "2022-09-02T00:01:03Z", "published": "2022-08-29T20:06:49Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0669" }, { "type": "WEB", "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "type": "WEB", "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "type": "WEB", "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
gsd-2022-0669
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-0669", "description": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.", "id": "GSD-2022-0669", "references": [ "https://security.archlinux.org/CVE-2022-0669", "https://www.debian.org/security/2022/dsa-5130", "https://access.redhat.com/errata/RHSA-2022:4786", "https://access.redhat.com/errata/RHSA-2022:4787", "https://access.redhat.com/errata/RHSA-2022:4788", "https://www.suse.com/security/cve/CVE-2022-0669.html", "https://ubuntu.com/security/CVE-2022-0669" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-0669" ], "details": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.", "id": "GSD-2022-0669", "modified": "2023-12-13T01:19:11.333140Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DPDK", "version": { "version_data": [ { "version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 - Uncontrolled Resource Consumption." } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "name": "https://bugs.dpdk.org/show_bug.cgi?id=922", "refsource": "MISC", "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227", "refsource": "MISC", "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "name": "https://access.redhat.com/security/cve/CVE-2022-0669", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-0669", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.03", "versionStartIncluding": "20.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0669" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/security/cve/CVE-2022-0669", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0669" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793" }, { "name": "https://bugs.dpdk.org/show_bug.cgi?id=922", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://bugs.dpdk.org/show_bug.cgi?id=922" }, { "name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-0669", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0 } }, "lastModifiedDate": "2022-09-01T20:35Z", "publishedDate": "2022-08-29T15:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.