suse · CVE-2022-32166

Quick triage

Priority: medium Published: 2022-09-29 23:37:22 UTC Updated: 2026-03-05 04:40:57 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-32166 severity moderate: SUSE including 34 source package names (libdpdk-18_11-18.11.9-150100.4.23.1, libopenvswitch-2_11-0-2.11.5-150100.3.18.2, …), 286 product×package rows across 37 product lines (SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, … (37 product lines)): Known Not Affected 232, Fixed 54.

Description:

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

cvelogic Threat Intelligence