CVE-2021-3905: Missing Release of Memory after Effective Lifetime in Openvswitch

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 62.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 23; Latest update Aug 24

Description

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by continually sending packet fragments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Ubuntu: openvswitch/openvswitch < 2.9.8-0ubuntu0.18.04.2 (+2 more)

Also affects: Fedora 35, Ubuntu Linux 21.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-w2f8-jf7v-2cj4: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing (2022-08-24)
CVEList: CVE-2021-3905: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing (2022-08-23)
OSV: CVE-2021-3905: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing (2021-11-08)

📋 Vendor Advisories (4)

Microsoft: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. (2022-08-09)
Ubuntu: Open vSwitch vulnerability (2022-01-20)
Red Hat: openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets (2021-09-29)
Debian: CVE-2021-3905: openvswitch - A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation ... (2021)

💬 Community (1)

Bugzilla: CVE-2021-3905 openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets (2021-11-03)