CVE-2021-3905 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2021-3905?

CVE-2021-3905 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Q: How severe is CVE-2021-3905?

CVE-2021-3905 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3905?

Check the references section above for vendor advisories and patch information. Affected products include: Openvswitch Openvswitch, Redhat Enterprise Linux Fast Datapath, Canonical Ubuntu Linux, Fedoraproject Fedora.

Vulnerability Description

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openvswitch	Openvswitch	< 2.17.0
Redhat	Enterprise Linux Fast Datapath	7.0
Canonical	Ubuntu Linux	21.10
Fedoraproject	Fedora	35

Related Weaknesses (CWE)

CWE-401

References

https://access.redhat.com/security/cve/CVE-2021-3905Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019692Issue TrackingPatchThird Party Advisory
https://github.com/openvswitch/ovs-issues/issues/226ExploitIssue TrackingPatch
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e3PatchThird Party Advisory
https://security.gentoo.org/glsa/202311-16
https://ubuntu.com/security/CVE-2021-3905PatchThird Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3905Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019692Issue TrackingPatchThird Party Advisory
https://github.com/openvswitch/ovs-issues/issues/226ExploitIssue TrackingPatch
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e3PatchThird Party Advisory
https://security.gentoo.org/glsa/202311-16
https://ubuntu.com/security/CVE-2021-3905PatchThird Party Advisory

FAQ

What is CVE-2021-3905?

CVE-2021-3905 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

How severe is CVE-2021-3905?

CVE-2021-3905 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3905?

Check the references section above for vendor advisories and patch information. Affected products include: Openvswitch Openvswitch, Redhat Enterprise Linux Fast Datapath, Canonical Ubuntu Linux, Fedoraproject Fedora.