ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

RHEL 10 : ovn25.09 (RHSA-2026:22111)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22111 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

CVE-2026-40243

A flaw was found in Incus, a system container and virtual machine manager. The Open Virtual Network OVN database connection logic contains broken Transport Layer Security TLS validation. A remote attacker, by impersonating or intercepting the OVN endpoint on the management network, can present a...

SUSE CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

PT-2026-37102

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Broken TLS validation logic in the OVN database connection logic allows connections to an attacker's OVN database. The OVN client implementations disable standard Go TLS server verification and use a...

RHSA-2026:11694 Red Hat Security Advisory: ovn-2021 security update

Bulletin has no description...

RHEL 9 : ovn25.09 (RHSA-2026:11702)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11702 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

RHEL 8 : ovn-2021 (RHSA-2026:11694)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11694 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

RHEL 9 : ovn23.06 (RHSA-2026:11696)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11696 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

RHEL 9 : ovn23.09 (RHSA-2026:11698)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11698 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

Important: Red Hat Security Advisory: ovn24.03 security update

An update for ovn24.03 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...