Multiple versions of OVN (Open Virtual Network) are vulnerable to allowing crafted UDP packets to bypass egress access control list (ACL) rules. This can result in unauthorized access to virtual machines and containers running on the OVN network.

OVN provides rudimentary DNS caching as an optional feature to speed up lookups of frequently-used domains. When this feature is enabled, due to the OpenFlow rules that OVN installs in Open vSwitch, it is possible for an attacker to craft a UDP packet that can bypass egress ACL rules. Egress ACL rules are those that have the "direction" set to "to-lport".

The OVN installation is vulnerable if a logical switch has DNS records set on it AND if the same switch has any egress ACLs configured on it. The switch is considered to have egress ACLs configured if the switch has an egress ACL configured directly on it using the "acls" column of the logical switch. A switch is also considered to have egress ACLs configured if any of its logical switch ports are part of a port group that has egress ACLs configured in its "acls" column.

We recommend that users of OVN apply the linked patches, or upgrade to a known patched version of OVN. These include:
v22.03.8
v24.03.5
v24.09.2
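An audit of the northbound database for the precondition stated above (DNS records on a switch plus a to-lport ACL, either in its own "acls" column or via a port group containing one of its ports), written here as an added example; it is not part of the advisory or of OVN's own tooling. It assumes each table was dumped with `ovn-nbctl --format=json list Logical_Switch`, `Port_Group` and `ACL` and parsed with json.load, and the sample tables at the bottom are constructed.

```python
def atoms(cell):
    """Flatten an OVSDB JSON cell (bare atom, ["uuid", u] or ["set", [...]])
    into a list of plain values; an empty set yields []."""
    if isinstance(cell, list) and len(cell) == 2:
        if cell[0] == "uuid":
            return [cell[1]]
        if cell[0] == "set":
            return [a for v in cell[1] for a in atoms(v)]
    return [cell]

def rows(table):
    """Convert {"headings": [...], "data": [[...], ...]} into row dicts."""
    return [dict(zip(table["headings"], r)) for r in table["data"]]

def find_vulnerable_switches(logical_switch, port_group, acl):
    """Return (switch name, reason) for every switch that has DNS records and
    at least one to-lport ACL, configured directly or through a port group."""
    egress = {atoms(a["_uuid"])[0] for a in rows(acl) if a["direction"] == "to-lport"}
    # Ports that belong to any port group carrying at least one egress ACL.
    ports_in_egress_pg = set()
    for pg in rows(port_group):
        if egress & set(atoms(pg["acls"])):
            ports_in_egress_pg.update(atoms(pg["ports"]))
    hits = []
    for ls in rows(logical_switch):
        if not atoms(ls["dns_records"]):
            continue  # no DNS records on this switch: precondition not met
        direct = bool(egress & set(atoms(ls["acls"])))
        via_pg = bool(ports_in_egress_pg & set(atoms(ls["ports"])))
        if direct or via_pg:
            hits.append((ls["name"], "egress ACL in acls column" if direct else "egress ACL via port group"))
    return hits

# Constructed sample tables (UUIDs shortened to labels; real ones are full UUID strings).
SAMPLE_ACL = {"headings": ["_uuid", "direction"],
              "data": [[["uuid", "acl-egress"], "to-lport"],
                       [["uuid", "acl-ingress"], "from-lport"]]}
SAMPLE_PG = {"headings": ["_uuid", "name", "ports", "acls"],
             "data": [[["uuid", "pg0"], "pg0", ["uuid", "lsp2"], ["uuid", "acl-egress"]]]}
SAMPLE_LS = {"headings": ["_uuid", "name", "ports", "acls", "dns_records"],
             "data": [[["uuid", "sw0"], "sw0", ["uuid", "lsp1"], ["uuid", "acl-ingress"], ["uuid", "dns0"]],
                      [["uuid", "sw1"], "sw1", ["uuid", "lsp2"], ["set", []], ["uuid", "dns0"]],
                      [["uuid", "sw2"], "sw2", ["set", []], ["uuid", "acl-egress"], ["set", []]],
                      [["uuid", "sw3"], "sw3", ["set", []], ["uuid", "acl-egress"], ["uuid", "dns0"]]]}

if __name__ == "__main__":
    for name, why in find_vulnerable_switches(SAMPLE_LS, SAMPLE_PG, SAMPLE_ACL):
        print(f"{name}: {why}")
```

On the sample data sw0 is safe (ingress ACL only), sw2 is safe (no DNS records), while sw1 and sw3 meet the precondition and should be patched or have DNS records removed until they are.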
This issue has been addressed in the following products:
Fast Datapath for Red Hat Enterprise Linux 8:
  RHSA-2025:1083 https://access.redhat.com/errata/RHSA-2025:1083
  RHSA-2025:1084 https://access.redhat.com/errata/RHSA-2025:1084
  RHSA-2025:1085 https://access.redhat.com/errata/RHSA-2025:1085
  RHSA-2025:1086 https://access.redhat.com/errata/RHSA-2025:1086
  RHSA-2025:1087 https://access.redhat.com/errata/RHSA-2025:1087
  RHSA-2025:1088 https://access.redhat.com/errata/RHSA-2025:1088
Fast Datapath for Red Hat Enterprise Linux 9:
  RHSA-2025:1089 https://access.redhat.com/errata/RHSA-2025:1089
  RHSA-2025:1090 https://access.redhat.com/errata/RHSA-2025:1090
  RHSA-2025:1091 https://access.redhat.com/errata/RHSA-2025:1091
  RHSA-2025:1092 https://access.redhat.com/errata/RHSA-2025:1092
  RHSA-2025:1093 https://access.redhat.com/errata/RHSA-2025:1093
  RHSA-2025:1094 https://access.redhat.com/errata/RHSA-2025:1094
  RHSA-2025:1095 https://access.redhat.com/errata/RHSA-2025:1095
  RHSA-2025:1096 https://access.redhat.com/errata/RHSA-2025:1096
  RHSA-2025:1097 https://access.redhat.com/errata/RHSA-2025:1097