CVE-2018-17205
Published: 19 September 2018
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
Priority
Status
Package | Release | Status |
---|---|---|
openvswitch Launchpad, Ubuntu, Debian |
bionic |
Released
(2.9.2-0ubuntu0.18.04.3)
|
cosmic |
Not vulnerable
(2.10.0-0ubuntu2)
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624 upstream: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 upstream: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 upstream: https://github.com/openvswitch/ovs/commit/24bf63b2132fa1d170c1f5594cb74ffa8e924092 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |