{
  "threat_severity" : "Important",
  "public_date" : "2021-08-31T00:00:00Z",
  "bugzilla" : {
    "description" : "openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts",
    "id" : "1998052",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1998052"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.", "An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash the dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon’s behavior. This flaw might also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity." ],
  "acknowledgement" : "Red Hat would like to thank the OpenStack project for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)",
    "release_date" : "2021-09-13T00:00:00Z",
    "advisory" : "RHSA-2021:3502",
    "cpe" : "cpe:/a:redhat:openstack:10::el7",
    "package" : "openstack-neutron-1:9.4.1-56.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 - ELS",
    "release_date" : "2021-09-13T00:00:00Z",
    "advisory" : "RHSA-2021:3503",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "openstack-neutron-1:12.1.1-42.1.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS",
    "release_date" : "2021-09-13T00:00:00Z",
    "advisory" : "RHSA-2021:3503",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "openstack-neutron-1:12.1.1-42.1.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "release_date" : "2021-09-09T00:00:00Z",
    "advisory" : "RHSA-2021:3481",
    "cpe" : "cpe:/a:redhat:openstack:16.1::el8",
    "package" : "openstack-neutron-1:15.2.1-1.20210409073447.el8ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "release_date" : "2021-09-15T00:00:00Z",
    "advisory" : "RHSA-2021:3488",
    "cpe" : "cpe:/a:redhat:openstack:16.2::el8",
    "package" : "openstack-neutron-1:15.3.5-2.20210608154813.el8ost.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Not affected",
    "package_name" : "openstack-neutron",
    "cpe" : "cpe:/a:redhat:integration:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-40085\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40085\nhttps://security.openstack.org/ossa/OSSA-2021-005.html" ],
  "name" : "CVE-2021-40085",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}