Bug 1188524 – VUL-0: CVE-2021-36980: openvswitch: use-after-free in decode_NXAST_RAW_ENCAP

Bug 1188524 - (CVE-2021-36980) VUL-0: CVE-2021-36980: openvswitch: use-after-free in decode_NXAST_RAW_ENCAP

(CVE-2021-36980)
Summary:	VUL-0: CVE-2021-36980: openvswitch: use-after-free in decode_NXAST_RAW_ENCAP

Status:	NEW
Duplicates:	1196498 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/304595/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-36980:5.3:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-07-20 14:34 UTC by Alexander Bergmann
Modified:	2023-03-16 18:07 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2021-07-20 14:34:05 UTC

CVE-2021-36980

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in
decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the
decoding of a RAW_ENCAP action.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36980
https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36980

Comment 1 Marcus Meissner 2022-02-25 13:25:03 UTC

*** Bug 1196498 has been marked as a duplicate of this bug. ***

Comment 2 Marcus Meissner 2022-02-25 13:25:40 UTC

ping? any update

Comment 3 Carlos López 2022-08-12 11:39:49 UTC

Apparently Jaime no longer maintains this, so reassigning to coldpool. Could someone from the list pick it up? It is long overdue.

Comment 4 Petr Gajdos 2022-08-24 09:56:31 UTC

Submitted where the code have been found: 
15sp4,15sp3,15sp2,15sp1,15,12sp5,12sp4/openvswitch

TW/openvswitch already fixed by a version update.

I believe all fixed.

Comment 6 Carlos López 2022-08-24 11:04:38 UTC

(In reply to Petr Gajdos from comment #4)
> Submitted where the code have been found: 
> 15sp4,15sp3,15sp2,15sp1,15,12sp5,12sp4/openvswitch
> 
> TW/openvswitch already fixed by a version update.
> 
> I believe all fixed.

Our tracking also has these as affected, but based on version numbers I'd say they are not.
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-12-SP3:Update

Could you verify this? Thanks!

Comment 7 Petr Gajdos 2022-08-24 11:50:40 UTC

(In reply to Carlos López from comment #6)

> Our tracking also has these as affected, but based on version numbers I'd
> say they are not.
> - SUSE:SLE-12-SP2:Update
> - SUSE:SLE-12-SP3:Update
> 
> Could you verify this? Thanks!

I have verified there's no decode_NXAST_RAW_ENCAP().

Comment 8 Swamp Workflow Management 2022-09-06 10:30:08 UTC

SUSE-SU-2022:3096-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188524
CVE References: CVE-2021-36980
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openvswitch-2.13.2-150200.9.17.1
openSUSE Leap 15.3 (src):    openvswitch-2.13.2-150200.9.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-09-06 13:24:44 UTC

SUSE-SU-2022:3098-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188524
CVE References: CVE-2021-36980
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    openvswitch-2.11.5-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-09-06 13:27:26 UTC

SUSE-SU-2022:3099-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188524
CVE References: CVE-2021-36980
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openvswitch-2.14.2-150400.24.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    openvswitch-2.14.2-150400.24.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    openvswitch-2.14.2-150400.24.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-09-06 16:21:29 UTC

SUSE-SU-2022:3116-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188524
CVE References: CVE-2021-36980
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    openvswitch-2.14.2-150300.19.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    openvswitch-2.14.2-150300.19.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    openvswitch-2.14.2-150300.19.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.