View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-32166 severity moderate: SUSE including 34 source package names (libdpdk-18_11-18.11.9-150100.4.23.1, libopenvswitch-2_11-0-2.11.5-150100.3.18.2, …), 286 product×package rows across 37 product lines (SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, … (37 product lines)): Known Not Affected 232, Fixed 54.
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.