CVE-2023-1668

EUVD-2023-23896
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a non-zero IP protocol that match this datapath flow.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
| CISA-ADP | ADP | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
EPSS Score
Percentile: 54%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| cloudbase | open_vswitch | 1.5.0 ≤ 𝑥 < 2.13.11 |
| cloudbase | open_vswitch | 2.14.0 ≤ 𝑥 < 2.14.9 |
| cloudbase | open_vswitch | 2.15.0 ≤ 𝑥 < 2.15.8 |
| cloudbase | open_vswitch | 2.16.0 ≤ 𝑥 < 2.16.7 |
| cloudbase | open_vswitch | 2.17.0 ≤ 𝑥 < 2.17.6 |
| cloudbase | open_vswitch | 3.0.0 ≤ 𝑥 < 3.0.4 |
| cloudbase | open_vswitch | 3.1.0 |
| debian | debian_linux | 11.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | openstack_platform | 16.1 |
| redhat | openstack_platform | 16.2 |
| redhat | openstack_platform | 17.0 |
| redhat | virtualization | 4.0 |
| redhat | fast_datapath | - |

𝑥 = Vulnerable software versions
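Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| openvswitch | bookworm | 3.1.0-2+deb12u1 | fixed |
| openvswitch | bookworm (security) | 3.1.0-2+deb12u1 | fixed |
| openvswitch | bullseye | 2.15.0+ds1-2+deb11u5 | fixed |
| openvswitch | bullseye (security) | 2.15.0+ds1-2+deb11u5 | fixed |
| openvswitch | sid | 3.5.0~git20241129.2af7cef-2 | fixed |
| openvswitch | trixie | 3.5.0~git20241129.2af7cef-2 | fixed |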
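Ubuntu Releases

| Ubuntu Product | Codename | Fixed Version | Status |
|---|---|---|---|
| openvswitch | bionic | 2.9.8-0ubuntu0.18.04.5 | released |
| openvswitch | focal | 2.13.8-0ubuntu1.2 | released |
| openvswitch | jammy | 2.17.5-0ubuntu0.22.04.2 | released |
| openvswitch | kinetic | 3.0.3-0ubuntu0.22.10.3 | released |
| openvswitch | lunar | 3.1.0-1ubuntu1 | released |
| openvswitch | mantic | 3.1.0-1ubuntu1 | released |
| openvswitch | noble | 3.1.0-1ubuntu1 | released |
| openvswitch | oracular | 3.1.0-1ubuntu1 | released |
| openvswitch | trusty | | ignored |
| openvswitch | xenial | | needs-triage |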