A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2137666 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/ | |
https://security.gentoo.org/glsa/202311-16 | |
https://www.debian.org/security/2023/dsa-5387 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2023/04/06/1 | Mailing List Mitigation Patch |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
History
26 Nov 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2023-04-10 22:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1668
Mitre link : CVE-2023-1668
CVE.ORG link : CVE-2023-1668
JSON object : View
Products Affected
cloudbase
- open_vswitch
debian
- debian_linux
redhat
- fast_datapath
- virtualization
- openshift_container_platform
- openstack_platform
- enterprise_linux
CWE
CWE-670
Always-Incorrect Control Flow Implementation