CVE-2021-38598
First published: Mon Aug 23 2021(Updated: )
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Neutron | <16.4.1 | |
| OpenStack Neutron | >=17.0.0<17.1.3 | |
| OpenStack Neutron | =18.0.0 | |
| pip/neutron | =18.0.0 | |
| pip/neutron | >=17.0.0<17.1.3 | 17.1.3 |
| pip/neutron | <16.4.1 | 16.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/1938670
- https://nvd.nist.gov/vuln/detail/CVE-2021-38598
- https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf
- https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575
- https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639
- https://github.com/advisories/GHSA-hvm4-mc7m-22w4 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml
Frequently Asked Questions
What is CVE-2021-38598?
CVE-2021-38598 is a vulnerability in OpenStack Neutron that allows hardware address impersonation.
Which versions of OpenStack Neutron are affected by CVE-2021-38598?
OpenStack Neutron versions before 16.4.1, 17.x before 17.1.3, and 18.0.0 are affected by CVE-2021-38598.
What is the severity of CVE-2021-38598?
CVE-2021-38598 has a severity rating of 9.1 (critical).
How does CVE-2021-38598 allow hardware address impersonation?
CVE-2021-38598 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform.
Is there a fix for CVE-2021-38598?
Yes, upgrading to OpenStack Neutron version 16.4.1, 17.1.3, or 18.0.0 will fix CVE-2021-38598.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/softwarecombine
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/github-advisory
- source/GitHub
- alias/GHSA-hvm4-mc7m-22w4
- alias/CVE-2021-38598
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- vendor/openstack
- canonical/openstack neutron
- version/openstack neutron/17.0.0
- version/openstack neutron/18.0.0
- package-manager/pip