Bug 1192289 - (CVE-2021-3905) VUL-0: CVE-2021-3905: openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: package coldpool
Security Team bot
https://smash.suse.de/issue/314105/
CVSSv3.1:SUSE:CVE-2021-3905:5.3:(AV:N...
Reported: 2021-11-03 10:50 UTC by Thomas Leroy
Modified: 2021-11-05 08:14 UTC (History)

Found By: Security Response Team


Description Thomas Leroy 2021-11-03 10:50:13 UTC
rh#2019692

A vulnerability was found in Open vSwitch where a memory leak exists during userspace IP fragmentation processing, which causes Open vSwitch to leak packet buffers.

Commit introducing the vulnerability [0]
Upstream fix commit [1]

[0] https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1
[1] https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

References:
https://github.com/openvswitch/ovs-issues/issues/226
https://patchwork.ozlabs.org/project/openvswitch/patch/20211005181844.734362-1-aconole@redhat.com/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3905
Comment 1 Thomas Leroy 2021-11-03 14:02:50 UTC
The commit introducing the bug is a patch for another recent bug that has no CVE assigned, and that is absent from every codestream. Therefore, none of the SLE codestreams are affected.
Comment 2 Thomas Leroy 2021-11-03 15:00:21 UTC
openSUSE is also not affected.
Comment 3 Petr Gajdos 2021-11-03 15:59:52 UTC
Okay, can this be closed then?
Comment 4 Petr Gajdos 2021-11-04 11:23:43 UTC
Closing, see comment 2 and comment 1. In case we are supposed to do something, please let us know.
Comment 5 Petr Gajdos 2021-11-04 11:39:57 UTC
And of course: Thanks Thomas for the analysis!
Comment 6 Thomas Leroy 2021-11-04 16:13:50 UTC
Sorry for the late answer, Petr. I asked the project maintainers if the bug patched by [0] was security relevant, and the answer is no. So closing was fine!
Comment 7 Petr Gajdos 2021-11-05 08:14:59 UTC
I rather meant: comment 1 and comment 2 indicate that none of our code streams is affected.