Bug 1192289 – VUL-0: CVE-2021-3905: openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

Bug 1192289 - (CVE-2021-3905) VUL-0: CVE-2021-3905: openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

(CVE-2021-3905)
Summary:	VUL-0: CVE-2021-3905: openvswitch: External triggered memory leak in Open vSw...

Status:	RESOLVED WORKSFORME

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	package coldpool
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/314105/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-3905:5.3:(AV:N...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-11-03 10:50 UTC by Thomas Leroy
Modified:	2021-11-05 08:14 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2021-11-03 10:50:13 UTC

rh#2019692

A vulnerability was found in Openvswitch where a memory leak exists during userspace ip fragmentation processing which causes OpenvSwitch to leak packet buffers.

Commit introducing the vulnerability [0]
Upstream fix commit [1]

[0] https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1
[1] https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

References:
https://github.com/openvswitch/ovs-issues/issues/226
https://patchwork.ozlabs.org/project/openvswitch/patch/20211005181844.734362-1-aconole@redhat.com/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3905

Comment 1 Thomas Leroy 2021-11-03 14:02:50 UTC

The commit introducing the bug is a patch for another recent bug that has no CVE assigned, and that is absent from every codestreams. Therefore, none of the SLE codestreams are affected.

Comment 2 Thomas Leroy 2021-11-03 15:00:21 UTC

openSUSE is also not affected.

Comment 3 Petr Gajdos 2021-11-03 15:59:52 UTC

Okay, can this be closed then?

Comment 4 Petr Gajdos 2021-11-04 11:23:43 UTC

Closing, see comment 2 and comment 1. In case we are supposed to do something, please let us know.

Comment 5 Petr Gajdos 2021-11-04 11:39:57 UTC

And of course: Thanks Thomas for the analysis!

Comment 6 Thomas Leroy 2021-11-04 16:13:50 UTC

Sorry for the late answer Petr. I asked to the project maintainers if the bug patched by [0] was security relevant, and the answer is no. So closing was fine!

Comment 7 Petr Gajdos 2021-11-05 08:14:59 UTC

I rather meant: comment 1 and comment 2 indicates that no our code stream is affected.