CVE-2019-15753

Name of the Vulnerable Software and Affected Versions OpenStack os-vif versions 1.15.x through 1.15.1 OpenStack os-vif version 1.16.0

Description The issue affects deployments using the linuxbridge backend, where a hard-coded MAC aging time of 0 disables MAC learning. This forces obligatory Ethernet flooding of non-local destinations, impeding network performance and potentially allowing users to view the content of packets for instances belonging to other tenants on the same network. The problem occurs in the PyRoute2.add() function, located in the internal/command/ip/linux/impl pyroute2.py file.

Recommendations For OpenStack os-vif versions 1.15.x through 1.15.1, update to version 1.15.2 or later to resolve the issue. For OpenStack os-vif version 1.16.0, consider disabling the linuxbridge backend until a patch is available, or restrict access to the affected network to minimize the risk of exploitation.