CVE-2020-27827 - Vulnerability Details

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00415.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Lldpd Project	Lldpd
Openvswitch	Openvswitch
Redhat	Enterprise Linux Openshift Container Platform Openstack Rhev Hypervisor Virtualization
Siemens	Simatic Hmi Unified Comfort Panels Simatic Hmi Unified Comfort Panels Firmware Simatic Net Cp 1243-1 Simatic Net Cp 1243-1 Firmware Simatic Net Cp 1243-8 Irc Simatic Net Cp 1243-8 Irc Firmware Simatic Net Cp 1542sp-1 Simatic Net Cp 1542sp-1 Firmware Simatic Net Cp 1542sp-1 Irc Simatic Net Cp 1542sp-1 Irc Firmware Simatic Net Cp 1543-1 Simatic Net Cp 1543-1 Firmware Simatic Net Cp 1543sp-1 Simatic Net Cp 1543sp-1 Firmware Simatic Net Cp 1545-1 Simatic Net Cp 1545-1 Firmware Sinumerik One Sinumerik One Firmware Tim 1531 Irc Tim 1531 Irc Firmware

Configuration 1 [-]

OR	cpe:2.3:a:lldpd_project:lldpd::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::
	cpe:2.3:a:openvswitch:openvswitch::::::::

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:a:redhat:openstack:13:::::::*
	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Fast Datapath for Red Hat Enterprise Linux 7
openvswitch2.11-0:2.11.3-86.el7fdp	cpe:/o:redhat:enterprise_linux:7::fastdatapath	RHSA-2021:0834	2021-03-15T00:00:00Z
openvswitch2.13-0:2.13.0-81.el7fdp	cpe:/o:redhat:enterprise_linux:7::fastdatapath	RHSA-2021:0835	2021-03-15T00:00:00Z
openvswitch-0:2.9.9-1.el7fdp	cpe:/o:redhat:enterprise_linux:7::fastdatapath	RHSA-2021:2077	2021-05-20T00:00:00Z
Fast Datapath for Red Hat Enterprise Linux 8
openvswitch2.13-0:2.13.0-79.5.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2021:0497	2021-02-11T00:00:00Z
openvswitch2.11-0:2.11.3-83.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2021:0837	2021-03-15T00:00:00Z
Red Hat Enterprise Linux 9
lldpd-0:1.0.18-4.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9158	2024-11-12T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
openvswitch2.11-0:2.11.3-86.el7fdp	cpe:/a:redhat:openstack:13::el7	RHSA-2021:2456	2021-06-16T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
openvswitch-0:2.9.9-1.el7fdp	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:2077	2021-05-20T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
openvswitch2.11-0:2.11.3-86.el7fdp	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:1050	2021-03-31T00:00:00Z
ovn2.11-0:2.11.1-57.el7fdp	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:1050	2021-03-31T00:00:00Z
redhat-virtualization-host-0:4.3.14-20210322.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:1051	2021-03-31T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.4-20210307.0.el8_3	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2021:0976	2021-03-23T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2571-1	openvswitch security update
Debian DLA	DLA-3388-1	lldpd security update
Debian DLA	DLA-3389-1	lldpd security update
Debian DSA	DSA-4836-1	openvswitch security update
EUVD	EUVD-2020-20326	A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Ubuntu USN	USN-4691-1	Open vSwitch vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1921438
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
https://nvd.nist.gov/vuln/detail/CVE-2020-27827
https://security.gentoo.org/glsa/202311-16
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
https://www.cve.org/CVERecord?id=CVE-2020-27827

History

Wed, 13 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-18T00:00:00

Updated: 2024-08-04T16:25:43.547Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27827

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-18T17:15:13.510

Modified: 2024-11-21T05:21:53.260

Link: CVE-2020-27827

Redhat

Severity : Moderate

Publid Date: 2021-01-13T00:00:00Z

Links: CVE-2020-27827 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object