5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
75.9%
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6,
affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit,
flows that are added in a bundle are applied to ofproto in order. If a flow
cannot be added (e.g., the flow action is a go-to for a group id that does
not exist), OvS tries to revert back all previous flows that were
successfully applied from the same bundle. This is possible since OvS
maintains list of old flows that were replaced by flows from the bundle.
While reinserting old flows, OvS has an assertion failure due to a check on
rule state != RULE_INITIALIZED. This would work for new flows, but for an
old flow the rule state is RULE_REMOVED. The assertion failure causes an
OvS crash.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openvswitch | < 2.9.2-0ubuntu0.18.04.3 | UNKNOWN |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
75.9%