Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2024-2182
HistoryMar 12, 2024 - 5:15 p.m.

CVE-2024-2182

2024-03-1217:15:59
Debian Security Bug Tracker
security-tracker.debian.org
6
flaw
ovn
denial of service
crafted packets
hypervisors

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12allovn<= 23.03.0-1ovn_23.03.0-1_all.deb
Debian999allovn< 24.03.1-1ovn_24.03.1-1_all.deb
Debian13allovn< 24.03.1-1ovn_24.03.1-1_all.deb

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%