Description
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References (6)
Core 6
Core References
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3905
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/openvswitch/ovs-issues/issues/226
Patch, Third Party Advisory
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
Patch, Third Party Advisory
https://ubuntu.com/security/CVE-2021-3905
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-16
Scores
CVSS v3
7.5
EPSS
0.0017
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (5)
canonical/ubuntu_linux
21.10
fedoraproject/fedora
35
openvswitch/openvswitch
< 2.17.0
redhat/enterprise_linux_fast_datapath
7.0
redhat/enterprise_linux_fast_datapath
8.0
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026