CVE-2021-38598

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-38598
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38598.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-38598
Aliases
Downstream
Published
2021-08-23T05:15:08.193Z
Modified
2026-04-10T04:36:46.866725Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

References

Affected packages

Git / github.com/openstack/neutron

Affected ranges

Type
GIT
Repo
https://github.com/openstack/neutron
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6a761dc42da99625bb18b4aabf4e2b340396c78c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5858f6c5023121ea645c832ab87f078f0249adeb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "18.0.0"
        }
    ]
}

Affected versions

10.*
10.0.0.0b1
10.0.0.0b2
10.0.0.0b3
10.0.0.0rc1
11.*
11.0.0.0b1
11.0.0.0b2
11.0.0.0b3
11.0.0.0rc1
12.*
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
13.*
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
14.*
14.0.0
14.0.0.0b1
14.0.0.0b2
14.0.0.0b3
14.0.0.0rc1
15.*
15.0.0.0b1
15.0.0.0rc1
16.*
16.0.0
16.0.0.0b1
16.0.0.0rc1
16.0.0.0rc2
16.1.0
16.2.0
16.3.0
16.3.1
16.3.2
16.4.0
17.*
17.0.0.0rc1
18.*
18.0.0
18.0.0.0rc1
18.0.0.0rc2
2013.*
2013.1.g3
2013.2.b2
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
7.*
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0a0
8.*
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
9.*
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
Other
essex-1
essex-3
folsom-1
folsom-3
grizzly-1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "17.0.0"
            },
            {
                "fixed": "17.1.3"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38598.json"