CVE-2024-2182

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Debian logo
Debian Releases
Debian Product
Codename
ovn
bookworm
23.03.1-1~deb12u2
fixed
trixie
25.03.0-1
fixed
forky
25.09.0-3
fixed
sid
25.09.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ovn
noble
not-affected
mantic
Fixed 23.09.0-1ubuntu0.1
released
jammy
Fixed 22.03.3-0ubuntu0.22.04.2
released
focal
Fixed 20.03.2-0ubuntu0.20.04.5
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1385
https://access.redhat.com/errata/RHSA-2024:1386
https://access.redhat.com/errata/RHSA-2024:1387
https://access.redhat.com/errata/RHSA-2024:1388
https://access.redhat.com/errata/RHSA-2024:1390
https://access.redhat.com/errata/RHSA-2024:1391
https://access.redhat.com/errata/RHSA-2024:1392
https://access.redhat.com/errata/RHSA-2024:1393
https://access.redhat.com/errata/RHSA-2024:1394
https://access.redhat.com/errata/RHSA-2024:4035
https://access.redhat.com/security/cve/CVE-2024-2182
https://bugzilla.redhat.com/show_bug.cgi?id=2267840
https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
https://www.openwall.com/lists/oss-security/2024/03/12/5
http://www.openwall.com/lists/oss-security/2024/03/12/5
https://access.redhat.com/errata/RHSA-2024:1385
https://access.redhat.com/errata/RHSA-2024:1386
https://access.redhat.com/errata/RHSA-2024:1387
https://access.redhat.com/errata/RHSA-2024:1388
https://access.redhat.com/errata/RHSA-2024:1390
https://access.redhat.com/errata/RHSA-2024:1391
https://access.redhat.com/errata/RHSA-2024:1392
https://access.redhat.com/errata/RHSA-2024:1393
https://access.redhat.com/errata/RHSA-2024:1394
https://access.redhat.com/errata/RHSA-2024:4035
https://access.redhat.com/security/cve/CVE-2024-2182
https://bugzilla.redhat.com/show_bug.cgi?id=2267840
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
https://www.openwall.com/lists/oss-security/2024/03/12/5