Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 769995 (CVE-2020-35498) - <net-misc/openvswitch-2.15.0: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)
Summary: <net-misc/openvswitch-2.15.0: limitation in the OVS packet parsing in userspa...
Status: IN_PROGRESS
Alias: CVE-2020-35498
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://mail.openvswitch.org/pipermai...
Whiteboard: B3 [glsa? cleanup cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-11 01:51 UTC by John Helmert III
Modified: 2021-06-06 03:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-02-11 01:51:15 UTC
CVE-2020-35498:

Multiple versions of Open vSwitch are vulnerable to potential problems
like denial of service attacks, in which crafted network packets could
cause the packet lookup to ignore network header fields from layers 3
and 4.

Both kernel and userspace datapaths are affected, including DPDK enabled
Open vSwitch (OVS-DPDK) as an example of the latter.

The crafted network packet is an ordinary IPv4 or IPv6 packet with
Ethernet padding length above 255 bytes. This causes the packet sanity
check to abort parsing header fields after layer 2.

When that situation happens, the classifier will use an unexpected set
of header fields. This could cause the packet lookup to either match
on unintended flows or return the default table miss action 'drop'.

As a consequence, the datapath can be instructed to match on an
incorrect range of packets with an action to drop them, for example.
Further legit traffic could hit the cached flow preventing it to
expire extending the situation.


Patch (in 2.14.2): https://github.com/openvswitch/ovs/commit/59b588604b89e85b463984ba08a99badb4fcba15

Please bump.
Comment 1 John Helmert III gentoo-dev Security 2021-03-19 03:43:38 UTC
Ping
Comment 2 Larry the Git Cow gentoo-dev 2021-06-05 20:41:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e7539efe063efccea4bb469643ce76de1368e1c

commit 5e7539efe063efccea4bb469643ce76de1368e1c
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2021-06-05 20:41:26 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2021-06-05 20:41:41 +0000

    net-misc/openvswitch: 2.15.0 bump
    
    Bug: https://bugs.gentoo.org/769995
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 net-misc/openvswitch/Manifest                  |   1 +
 net-misc/openvswitch/openvswitch-2.15.0.ebuild | 144 +++++++++++++++++++++++++
 2 files changed, 145 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2021-06-05 20:46:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9541eceef95f8758d466afd02eae7fd33555717

commit d9541eceef95f8758d466afd02eae7fd33555717
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2021-06-05 20:46:45 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2021-06-05 20:46:52 +0000

    net-misc/openvswitch: 2.15.0 fast stable for cve
    
    Bug: https://bugs.gentoo.org/769995
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 net-misc/openvswitch/openvswitch-2.15.0.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 4 John Helmert III gentoo-dev Security 2021-06-06 03:38:08 UTC
Please cleanup when ready, though might be good to wait a couple days in case of any regressions.