Headline
CVE-2023-5366: cve-details
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Red Hat Product Security Center
Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.
Product Security Center
Related news
Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.
Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
Ubuntu Security Notice 6514-1 - It was discovered that Open vSwitch did not correctly handle OpenFlow rules for ICMPv6 Neighbour Advertisement packets. A local attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.