When processing a IP packet with protocol 0, OVS will install datapath flow without action modifying ip header. This results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wilcarded) for this flow but with an incorrect action. This may result in incorrect handling of other IP packets with a != 0 IP protocol that match this dp flow. Such a mishandling might be triggered/exploited remotely.
Is openvswitch 2.15 on EL8 used by RHV 4.4 SP1 also affected?
Public: https://www.openwall.com/lists/oss-security/2023/04/06/1
Created openvswitch tracking bugs for this issue: Affects: fedora-all [bug 2186245] Created ovn tracking bugs for this issue: Affects: fedora-all [bug 2186246] Created rdo-openvswitch tracking bugs for this issue: Affects: openstack-rdo [bug 2186247]
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:1766 https://access.redhat.com/errata/RHSA-2023:1766
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 9 Via RHSA-2023:1769 https://access.redhat.com/errata/RHSA-2023:1769
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:1765 https://access.redhat.com/errata/RHSA-2023:1765
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 9 Via RHSA-2023:1770 https://access.redhat.com/errata/RHSA-2023:1770
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:1823 https://access.redhat.com/errata/RHSA-2023:1823
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2023:1824 https://access.redhat.com/errata/RHSA-2023:1824
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1668
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:3491 https://access.redhat.com/errata/RHSA-2023:3491