CVE-2018-17205

Name of the Vulnerable Software and Affected Versions Open vSwitch (OvS) versions 2.7.x through 2.7.6

Description The issue is related to errors in rule checking when handling flows, which can cause a crash in Open vSwitch (OvS). This can be exploited by a remote attacker to cause a denial of service. The problem occurs during bundle commit when flows are applied to ofproto in order. If a flow cannot be added, OvS attempts to revert back all previous flows from the same bundle, leading to an assertion failure due to a check on rule state. This results in an OvS crash.

Recommendations For Open vSwitch (OvS) versions 2.7.x through 2.7.6, consider disabling the ofproto rule insert () function as a temporary workaround until a patch is available. Restrict access to the ofproto module to minimize the risk of exploitation. Avoid using the ofproto rule insert function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.