PT-2021-7727 · Unknown+4 · Openvswitch+4

Published: 2021-02-23 · Updated: 2024-06-15 · CVE-2021-36980

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Open vSwitch versions 2.11.0 through 2.15.0

Description

The issue is related to a use-after-free error in the decode_NXAST_RAW_ENCAP() function of Open vSwitch. This error occurs during the decoding of a RAW_ENCAP action and can be exploited by a remote attacker to execute arbitrary code. The decode_NXAST_RAW_ENCAP() function is called from ofpact_decode and ofpacts_decode.

Recommendations

For Open vSwitch versions 2.11.0 through 2.15.0, consider disabling the decode_NXAST_RAW_ENCAP() function as a temporary workaround until a patch is available. Restrict access to the ofpact_decode and ofpacts_decode functions to minimize the risk of exploitation. Avoid using the RAW_ENCAP action in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3392
ALT-PU-2021-3569
AZL-6781
BDU:2023-02001
CVE-2021-36980
OESA-2021-1304
OPENSUSE-SU-2022_3096-1
OPENSUSE-SU-2022_3099-1
OPENSUSE-SU-2022_3116-1
OPENSUSE-SU-2024:11898-1
RHSA-2021:3758
RHSA-2021:3942
SUSE-SU-2022:3096-1
SUSE-SU-2022:3098-1
SUSE-SU-2022:3099-1
SUSE-SU-2022:3116-1
SUSE-SU-2022_3098-1
SUSE-SU-2022_3099-1
SUSE-SU-2022_3116-1
SUSE-SU-2023:1795-1
SUSE-SU-2023:2360-1
SUSE-SU-2023_2360-1
USN-5065-1

Affected Products

Alt Linux
Linuxmint
Openvswitch
Suse
Ubuntu