CVE-2018-14636

Description

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.

References

Link	Tags
https://bugs.launchpad.net/neutron/+bug/1767422	third party advisory issue tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636	third party advisory issue tracking
https://bugs.launchpad.net/neutron/+bug/1734320	third party advisory issue tracking

Frequently Asked Questions

What is the severity of CVE-2018-14636?: CVE-2018-14636 has been scored as a medium severity vulnerability.
How to fix CVE-2018-14636?: To fix CVE-2018-14636, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-14636 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2018-14636 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-14636?: CVE-2018-14636 affects The Openstack Project openstack-neutron.

Description

Category

CWE-300 – Channel Accessible by Non-Endpoint

References

Frequently Asked Questions