Antrea has invalid enforcement order for network policy rules caused by integer overflow

Impact Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. If a user creates ...

Fedora 40 : openvswitch (2024-1f26ce7731)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1f26ce7731 advisory. Update to 3.3.0 Remove network-scripts subpackage starting from Fedora 40 Backport a simple fix to avoid SSL db: implementation test to fail It also...

Fedora 39 : openvswitch (2024-a4530e9bfe)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a4530e9bfe advisory. Update to 3.2.2 It indirectly fix CVE-2023-3966 and CVE-2023-5366 Tenable has extracted the preceding description block directly from the Fedora...

openvswitch: openvswitch don't match packets on nd_target field

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

openvswitch: openvswitch don't match packets on nd_target field

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

openvswitch: openvswitch don't match packets on nd_target field

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

openvswitch: openvswitch don't match packets on nd_target field

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

Debian dla-3734 : openvswitch-common - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3734 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3734-1 [email protected] https://www.debian.org/lts/security/...

SUSE SLES15 Security Update : openvswitch (SUSE-SU-2023:4714-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4714-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This...

SUSE SLES15 / openSUSE 15 Security Update : openvswitch3 (SUSE-SU-2023:4657-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4657-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:4666-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4666-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:4661-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4661-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:4573-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4573-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFl...

Ubuntu 18.04 ESM / 20.04 LTS : Open vSwitch vulnerability (USN-6514-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6514-1 advisory. It was discovered that Open vSwitch did not correctly handle OpenFlow rules for ICMPv6 Neighbour Advertisement packets. A local attacker could possibl...

SUSE SLES15 Security Update : openvswitch (SUSE-SU-2023:4508-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4508-1 advisory. - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This...

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

CVE-2023-5366

CVE-2023-5366 affects Open vSwitch. The flaw allows ICMPv6 Neighbor Advertisement packets between VMs to bypass OpenFlow rules, enabling a local attacker to craft packets with a spoofed target IP to redirect ICMPv6 traffic. Connected advisories confirm patched/Open vSwitch versions are available ...