REDHAT-BUG-1632525
First published: Tue Sep 25 2018(Updated: )
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. Upstream Patch: <a href="https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6">https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open vSwitch | >=2.7.x<=2.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1632526
- https://access.redhat.com/security/cve/CVE-2018-17205
- https://access.redhat.com/errata/RHSA-2018:3500
- https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/node
- https://access.redhat.com/articles/2176281
- https://access.redhat.com/errata/RHSA-2019:0053
- https://access.redhat.com/errata/RHSA-2019:0081
- https://bugzilla.redhat.com/show_bug.cgi?id=1632525
Frequently Asked Questions
What is the severity of REDHAT-BUG-1632525?
The severity of REDHAT-BUG-1632525 is classified as moderate due to potential flow inconsistencies in Open vSwitch.
How do I fix REDHAT-BUG-1632525?
To fix REDHAT-BUG-1632525, you should upgrade Open vSwitch to a version higher than 2.7.6.
What are the affected versions for REDHAT-BUG-1632525?
REDHAT-BUG-1632525 affects Open vSwitch versions from 2.7.x through 2.7.6.
What is the impact of REDHAT-BUG-1632525?
The impact of REDHAT-BUG-1632525 may lead to unexpected behavior when adding flow rules in Open vSwitch.
Is REDHAT-BUG-1632525 a publicly disclosed vulnerability?
Yes, REDHAT-BUG-1632525 has been publicly disclosed and documented in the Red Hat bug tracker.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-17205
- agent/source
- agent/severity
- agent/description
- agent/references
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/open vswitch
- canonical/open vswitch