All errata/p10/ALT-PU-2023-1806-2
ALT-PU-2023-1806-2

Package update openvswitch in branch p10

Version2.17.6-alt1
Task#319867
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (8)

BDU:2023-00290
CRITICAL9.8

Уязвимость программного многоуровневого коммутатора Open vSwitch, связанная с потерей значимости целого числа, позволяющая нарушителю выполнить произвольный код в целевой системе

Published: 2023-01-23Modified: 2023-11-09
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-00291
CRITICAL9.8

Уязвимость программного многоуровневого коммутатора Open vSwitch, связанная с потерей значимости целого числа, позволяющая нарушителю выполнить произвольный код в целевой системе

Published: 2023-01-23Modified: 2023-11-09
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2024-06943
HIGH8.2

Уязвимость программного многоуровневого коммутатора OpenvSwitch, связанная с реализацией некорректного потока управления, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

Published: 2024-09-13Modified: 2024-11-11
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
References
CVE-2019-25076
MEDIUM5.8

The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

Published: 2022-09-08Modified: 2024-11-21
CVSS 3.xMEDIUM 5.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
References
CVE-2021-3905
HIGH7.5

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Published: 2022-08-23Modified: 2024-11-21
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2022-4337
CRITICAL9.8

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

Published: 2023-01-10Modified: 2024-11-21
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2022-4338
CRITICAL9.8

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Published: 2023-01-10Modified: 2024-11-21
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-1668
HIGH8.2

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Published: 2023-04-10Modified: 2025-04-23
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References