Description
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References (8)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-16
Issue Tracking, Mitigation, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1921438
Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Mailing List, Mitigation, Vendor Advisory
https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
Scores
CVSS v3: 7.5
EPSS: 0.0050
EPSS Percentile: 66.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-400
Status: published
Products (19)
fedoraproject/fedora: 33
lldpd_project/lldpd: < 1.0.8
openvswitch/openvswitch: 2.6.0 - 2.6.9
redhat/enterprise_linux: 7.0
redhat/enterprise_linux: 8.0
redhat/openshift_container_platform: 4.0
redhat/openstack: 10
redhat/openstack: 13
redhat/virtualization: 4.0
siemens/simatic_hmi_unified_comfort_panels_firmware: < 17
... and 9 more
Published: Mar 18, 2021
Tracked Since: Feb 18, 2026