VMs can send ICMPv6 Neighbor Advertisement packets with no check on their content to mis-direct traffic to them (source address spoofing).
Pre-condition: two running VMs in the same L2 flat network with IPv6 connectivity
Upstream bug: https://bugs.launchpad.net/neutron/+bug/1902917
Upstream patch: https://review.opendev.org/c/openstack/neutron/+/776599
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1345892 (same issue but for OpenVSwitch driver instead of iptables)
Created openstack-neutron tracking bugs for this issue:
Affects: openstack-rdo [bug 1934331]
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
*** Bug 1962090 has been marked as a duplicate of this bug. ***
*** Bug 1962091 has been marked as a duplicate of this bug. ***
*** Bug 1962092 has been marked as a duplicate of this bug. ***
Fix included also in openstack-neutron-12.1.1-44.el7ost for OSP-13.0 already