CVE-2021-36980 is a use-after-free vulnerability identified in Open vSwitch versions 2.11.0 through 2.15.0. Open vSwitch is an open-source multilayer virtual switch commonly used to provide network automation and virtualization in cloud computing environments and data centers. The vulnerability occurs specifically in the function decode_NXAST_RAW_ENCAP, which is invoked during the decoding of RAW_ENCAP actions within OpenFlow protocol messages. These actions are processed by the functions ofpact_decode and ofpacts_decode. A use-after-free condition arises when the software attempts to access memory that has already been freed, leading to undefined behavior. In this case, the vulnerability can cause a denial of service (DoS) by crashing the Open vSwitch process or potentially allow an attacker to execute arbitrary code if they can control the input data. The CVSS 3.1 base score is 5.5 (medium severity), reflecting that the vulnerability requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The impact is limited to availability (A:H) with no confidentiality or integrity impact. There are no known exploits in the wild as of the publication date, and no official patches were linked in the provided data, although it is expected that Open vSwitch maintainers have addressed this issue in subsequent releases. The vulnerability is classified under CWE-416 (Use After Free).

For European organizations, especially those operating cloud infrastructure, data centers, or virtualized network environments using Open vSwitch, this vulnerability poses a risk primarily to service availability. An attacker with local access or the ability to send crafted OpenFlow messages requiring user interaction could trigger the use-after-free, causing the Open vSwitch daemon to crash and disrupt network traffic forwarding. This could lead to temporary denial of service affecting critical business applications and services reliant on virtual networking. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can have cascading effects on operational continuity. Organizations in sectors such as finance, telecommunications, and critical infrastructure, which heavily rely on virtualized networking, could face operational disruptions. The requirement for user interaction and local access reduces the likelihood of remote exploitation but does not eliminate risk in multi-tenant or shared environments where attackers may have some level of access.

European organizations should ensure that their Open vSwitch deployments are updated to versions later than 2.15.0 where this vulnerability is addressed. In the absence of an official patch, organizations should consider implementing strict network segmentation and access controls to limit who can send OpenFlow messages to Open vSwitch instances. Monitoring and logging OpenFlow traffic for anomalous RAW_ENCAP actions can help detect exploitation attempts. Additionally, restricting user interaction paths that could trigger the vulnerability and employing host-based intrusion detection systems to monitor the Open vSwitch process stability are recommended. For environments where patching is delayed, deploying compensating controls such as isolating Open vSwitch management interfaces and enforcing strict authentication and authorization policies can reduce exposure. Regular vulnerability scanning and penetration testing focused on virtual network components should be conducted to identify potential exploitation vectors.