CVE-2023-1668

A flaw was found in Open vSwitch (OVS). When processing an IP packet with protocol 0, OVS installs the datapath flow without the action that modifies the IP header. As a result, for both the kernel and userspace datapaths, the installed datapath flow matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, which can cause incorrect handling of other IP packets with a nonzero IP protocol that match this datapath flow.

Configurations

Configuration 1

OR cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudbase:open_vswitch:3.1.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

Configuration 4

AND
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*

History

26 Nov 2023, 11:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202311-16 -

07 Nov 2023, 04:04

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/', 'name': 'FEDORA-2023-7da03dc2ae', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/ -

Information

Published : 2023-04-10 22:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-1668

Mitre link : CVE-2023-1668

CVE.ORG link : CVE-2023-1668



Products Affected

cloudbase

  • open_vswitch

debian

  • debian_linux

redhat

  • fast_datapath
  • virtualization
  • openshift_container_platform
  • openstack_platform
  • enterprise_linux

CWE

CWE-670: Always-Incorrect Control Flow Implementation