Bug 2137666 (CVE-2023-1668)
Summary: | CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Anten Skrabec <askrabec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | amusil, apevec, arachman, chrisw, ctrautma, dfreiber, echaudro, eglynn, fleitner, jburrell, jhsiao, jiji, jjoyce, lhh, lpeer, lveyde, mburns, mgarciac, michal.skrivanek, mkolesni, mperina, ovs-bugzilla, ovs-qe, ovs-triage, ralongi, rdey, rhos-maint, rkhan, rogbas, sbonazzo, scohen, security-response-team, spower, tredaelli, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ovs 3.1.1, ovs 3.0.4, ovs 2.17.6, ovs 2.16.7, ovs 2.15.8, ovs 2.14.9, ovs 2.13.11 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS installs the datapath flow without the action that modifies the IP header. For both the kernel and userspace datapaths, the result is a datapath flow that matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, so other IP packets with a nonzero IP protocol that match this datapath flow may be handled incorrectly.
Last Closed: | 2023-04-18 19:36:52 UTC | Type: | --- |
Bug Depends On: | 2169004, 2169005, 2182822, 2182823, 2182824, 2182825, 2182826, 2182827, 2182828, 2182829, 2182830, 2182831, 2182832, 2182833, 2182834, 2186245, 2186246, 2186247, 2188027, 2210714 | ||
Bug Blocks: | 2135070 |
Description
Anten Skrabec
2022-10-25 18:55:24 UTC
Is openvswitch 2.15 on EL8 used by RHV 4.4 SP1 also affected?

Created openvswitch tracking bugs for this issue:
Affects: fedora-all [bug 2186245]

Created ovn tracking bugs for this issue:
Affects: fedora-all [bug 2186246]

Created rdo-openvswitch tracking bugs for this issue:
Affects: openstack-rdo [bug 2186247]

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2023:1766 https://access.redhat.com/errata/RHSA-2023:1766

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 9
Via RHSA-2023:1769 https://access.redhat.com/errata/RHSA-2023:1769

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2023:1765 https://access.redhat.com/errata/RHSA-2023:1765

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 9
Via RHSA-2023:1770 https://access.redhat.com/errata/RHSA-2023:1770

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2023:1823 https://access.redhat.com/errata/RHSA-2023:1823

This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8
Via RHSA-2023:1824 https://access.redhat.com/errata/RHSA-2023:1824

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2023-1668

This issue has been addressed in the following products:
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Via RHSA-2023:3491 https://access.redhat.com/errata/RHSA-2023:3491