CVE-2019-15753 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-15753 Interim 1 10 2025-02-17T01:56:31Z current 2021-05-30T14:31:26Z 2025-02-17T01:56:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-15753 In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 python-os-vif python-os-vif as a component of HPE Helion OpenStack 8 python-os-vif as a component of HPE Helion OpenStack Cloud 8 python-os-vif as a component of SUSE OpenStack Cloud 7 python-os-vif as a component of SUSE OpenStack Cloud 8 python-os-vif as a component of SUSE OpenStack Cloud 9 python-os-vif as a component of SUSE OpenStack Cloud Crowbar 8 python-os-vif as a component of SUSE OpenStack Cloud Crowbar 9 In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. CVE-2019-15753 HPE Helion OpenStack 8:python-os-vif HPE Helion OpenStack Cloud 8:python-os-vif SUSE OpenStack Cloud 7:python-os-vif SUSE OpenStack Cloud 8:python-os-vif SUSE OpenStack Cloud 9:python-os-vif SUSE OpenStack Cloud Crowbar 8:python-os-vif SUSE OpenStack Cloud Crowbar 9:python-os-vif moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 5.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L