Lucene search

K

[email protected]NVD:CVE-2024-2182

HistoryMar 12, 2024 - 5:15 p.m.

CVE-2024-2182

2024-03-1217:15:59

CWE-346

[email protected]

web.nvd.nist.gov

5

ovn

denial of service

bfd

hypervisors

high availability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.1%

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

References

access.redhat.com/errata/RHSA-2024:1385

access.redhat.com/errata/RHSA-2024:1386

access.redhat.com/errata/RHSA-2024:1387

access.redhat.com/errata/RHSA-2024:1388

access.redhat.com/errata/RHSA-2024:1390

access.redhat.com/errata/RHSA-2024:1391

access.redhat.com/errata/RHSA-2024:1392

access.redhat.com/errata/RHSA-2024:1393

access.redhat.com/errata/RHSA-2024:1394

access.redhat.com/errata/RHSA-2024:4035

access.redhat.com/security/cve/CVE-2024-2182

bugzilla.redhat.com/show_bug.cgi?id=2267840

mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html

www.openwall.com/lists/oss-security/2024/03/12/5

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.1%

Related for NVD:CVE-2024-2182

nessus18 redhat12 ubuntucve1 cve1 fedora3 redhatcve1 openvas4 ubuntu1 prion1 vulnrichment1 cvelist1 debiancve1 osv1 photon1