[Debian] CVE: CVE-2022-4337 / CVE-2022-4338: openvswitch: multiple CVEs
Bug #2006409 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Yue Tao |
Bug Description
CVE-2022-4337: https:/
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
CVE-2022-4338: https:/
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-4337 fixed 9.8 N L N N H
CVE-2022-4338 fixed 8.8 N L N N H
References:
https:/
https:/
It is a source package, so need to backport source patches
information type: | Public → Public Security |
tags: | added: stx.8.0 stx.security |
Changed in starlingx: | |
importance: | Undecided → High |
Changed in starlingx: | |
assignee: | nobody → Yue Tao (wrytao) |
status: | New → Triaged |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /integ/ +/873054
Review: https:/