Bug 887561 (CVE-2022-4337, CVE-2022-4338) - net-misc/openvswitch: LLDP underflow
Summary: net-misc/openvswitch: LLDP underflow
Alias: CVE-2022-4337, CVE-2022-4338
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [ebuild]
Reported: 2022-12-20 21:45 UTC by John Helmert III
Modified: 2022-12-21 16:31 UTC

Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2022-12-20 21:45:50 UTC
"Multiple versions of Open vSwitch are vulnerable to crafted LLDP
packets causing denial of service, and data underflow attacks.
Triggering the vulnerabilities requires LLDP processing to be enabled
for a specific port.  Open vSwitch versions prior to 2.4.0 are not

The Common Vulnerabilities and Exposures project (
did not assign the identifier to this issue yet.  The identifier will
be communicated separately.  This issue does not affect the `lldpd'
project, although they share a code base.  The issue is related to
parsing the Auto Attach TLVs, which is specific to the Open vSwitch

Please bump to 2.15.7, 2.17.5.