CVE-2018-17205 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-17205 Interim 1 22 2025-02-17T02:36:56Z current 2021-05-30T14:17:12Z 2025-02-17T02:36:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-17205 An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-December/004965.html E-Mail link for SUSE-SU-2018:4128-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RWWVMXVHK4TM7P3FSDLTKB3QSJBMQARY/#RWWVMXVHK4TM7P3FSDLTKB3QSJBMQARY E-Mail link for openSUSE-SU-2018:4148-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Module for Server Applications 15 libopenvswitch-2_11-0 libopenvswitch-2_8-0 openvswitch openvswitch-2.7.6-3.23.1 openvswitch-devel openvswitch-2.7.6-3.23.1 as a component of SUSE Linux Enterprise Server 12 SP3 openvswitch-2.7.6-3.23.1 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA openvswitch-2.7.6-3.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenvswitch-2_11-0 as a component of SUSE Linux Enterprise Module for Server Applications 15 libopenvswitch-2_8-0 as a component of SUSE Linux Enterprise Module for Server Applications 15 openvswitch as a component of SUSE Linux Enterprise Module for Server Applications 15 openvswitch-devel as a component of SUSE Linux Enterprise Module for Server Applications 15 An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. CVE-2018-17205 SUSE Linux Enterprise Server 12 SP3:openvswitch-2.7.6-3.23.1 SUSE Linux Enterprise Server 12 SP3-TERADATA:openvswitch-2.7.6-3.23.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openvswitch-2.7.6-3.23.1 SUSE Linux Enterprise Module for Server Applications 15:libopenvswitch-2_11-0 SUSE Linux Enterprise Module for Server Applications 15:libopenvswitch-2_8-0 SUSE Linux Enterprise Module for Server Applications 15:openvswitch SUSE Linux Enterprise Module for Server Applications 15:openvswitch-devel moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H