Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1668

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Published

2023-04-10T22:15:09.133

Last Modified

2025-04-23T17:16:28.023

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-670
Type: Primary
CWE-670

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cloudbase	open_vswitch	< 2.13.11	Yes
Application	cloudbase	open_vswitch	< 2.14.9	Yes
Application	cloudbase	open_vswitch	< 2.15.8	Yes
Application	cloudbase	open_vswitch	< 2.16.7	Yes
Application	cloudbase	open_vswitch	< 2.17.6	Yes
Application	cloudbase	open_vswitch	< 3.0.4	Yes
Application	cloudbase	open_vswitch	3.1.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Application	redhat	openstack_platform	16.1	Yes
Application	redhat	openstack_platform	16.2	Yes
Application	redhat	openstack_platform	17.0	Yes
Application	redhat	virtualization	4.0	Yes
Application	redhat	fast_datapath	-	Yes
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No

References

https://bugzilla.redhat.com/show_bug.cgi?id=2137666 Issue Tracking, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/ ([email protected])
https://security.gentoo.org/glsa/202311-16 ([email protected])
https://www.debian.org/security/2023/dsa-5387 Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2023/04/06/1 Mailing List, Mitigation, Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2137666 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202311-16 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5387 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/04/06/1 Mailing List, Mitigation, Patch (af854a3a-2127-422b-91ae-364da2661108)