CVE-2023-1668

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
cloudbaseopen_vswitch
1.5.0 ≤
𝑥
< 2.13.11
cloudbaseopen_vswitch
2.14.0 ≤
𝑥
< 2.14.9
cloudbaseopen_vswitch
2.15.0 ≤
𝑥
< 2.15.8
cloudbaseopen_vswitch
2.16.0 ≤
𝑥
< 2.16.7
cloudbaseopen_vswitch
2.17.0 ≤
𝑥
< 2.17.6
cloudbaseopen_vswitch
3.0.0 ≤
𝑥
< 3.0.4
cloudbaseopen_vswitch
3.1.0
debiandebian_linux
11.0
redhatopenshift_container_platform
4.0
redhatopenstack_platform
16.1
redhatopenstack_platform
16.2
redhatopenstack_platform
17.0
redhatvirtualization
4.0
redhatfast_datapath
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvswitch
bookworm
3.1.0-2+deb12u1
fixed
bookworm (security)
3.1.0-2+deb12u1
fixed
bullseye
2.15.0+ds1-2+deb11u5
fixed
bullseye (security)
2.15.0+ds1-2+deb11u5
fixed
sid
3.5.0~git20241129.2af7cef-2
fixed
trixie
3.5.0~git20241129.2af7cef-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvswitch
bionic
Fixed 2.9.8-0ubuntu0.18.04.5
released
focal
Fixed 2.13.8-0ubuntu1.2
released
jammy
Fixed 2.17.5-0ubuntu0.22.04.2
released
kinetic
Fixed 3.0.3-0ubuntu0.22.10.3
released
lunar
Fixed 3.1.0-1ubuntu1
released
mantic
Fixed 3.1.0-1ubuntu1
released
noble
Fixed 3.1.0-1ubuntu1
released
oracular
Fixed 3.1.0-1ubuntu1
released
trusty
ignored
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenvswitch-2_13-0
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
libopenvswitch-2_14-0
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
libopenvswitch-3_1-0
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
libopenvswitch-3_5-0
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
libovn-20_03-0
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
libovn-20_06-0
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
libovn-23_03-0
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
libovn-25_03-0
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
openvswitch
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch-devel
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch-ipsec
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch-pki
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch-test
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch-vtep
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
openvswitch3
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-devel
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-ipsec
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-pki
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-test
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-vtep
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
ovn
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn-central
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn-devel
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn-docker
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn-host
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn-vtep
suse enterprise sap 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
25.03.0-150700.39.4
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.22.1
fixed
suse enterprise server 15 SP3
20.06.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
suse enterprise server 15 SP7
25.03.0-150700.39.4
fixed
ovn3
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-central
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-devel
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-docker
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-host
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-vtep
suse enterprise sap 15 SP5
23.03.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
python3-ovs
suse enterprise sap 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise sap 15 SP7
3.5.0-150700.39.4
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.22.1
fixed
suse enterprise server 15 SP3
2.14.2-150300.19.8.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.9.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
suse enterprise server 15 SP7
3.5.0-150700.39.4
fixed
python3-ovs3
suse enterprise sap 15 SP5
3.1.0-150500.3.3.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2137666
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/
https://security.gentoo.org/glsa/202311-16
https://www.debian.org/security/2023/dsa-5387
https://www.openwall.com/lists/oss-security/2023/04/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=2137666
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/
https://security.gentoo.org/glsa/202311-16
https://www.debian.org/security/2023/dsa-5387
https://www.openwall.com/lists/oss-security/2023/04/06/1