Open vSwitch 2.7.x vulnerabilities – Sep 2018

In the past, servers would physically connect to a hardware-based switch located in the data center. When VMware created server virtualization the access layer changed from having to be connected to a physical switch to being able to connect to a virtual switch. This virtual switch is a software layer that resides in a server that is hosting virtual machines (VMs). VMs, and now also containers, such as Docker, have logical or virtual Ethernet ports. These logical ports connect to a virtual switch.

There are total 3 items of vulnerabilities found few months ago (Jun 2018). From security point of view, I focus on CVE-2018-17206 since vulnerability can let attacker relies on maliciously exploited to access privileged information.

References:

CVE-2018-17206 – https://access.redhat.com/security/cve/cve-2018-17206

CVE-2018-17204 – https://access.redhat.com/security/cve/cve-2018-17204

CVE-2018-17205 – https://access.redhat.com/security/cve/cve-2018-17205