CVE-2023-1668

2023-04-1000:00:00

ubuntu.com

openvswitch

ip packet

datapath flow

protocol 0

incorrect action

handling

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.002 Low

EPSS

Percentile

56.0%

JSON

A flaw was found in openvswitch (OVS). When processing an IP packet with
protocol 0, OVS will install the datapath flow without the action modifying
the IP header. This issue results (for both kernel and userspace datapath)
in installing a datapath flow matching all IP protocols (nw_proto is
wildcarded) for this flow, but with an incorrect action, possibly causing
incorrect handling of other IP packets with a != 0 IP protocol that matches
this dp flow.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenvswitch< 2.9.8-0ubuntu0.18.04.5UNKNOWN
ubuntu20.04noarchopenvswitch< 2.13.8-0ubuntu1.2UNKNOWN
ubuntu22.04noarchopenvswitch< 2.17.5-0ubuntu0.22.04.2UNKNOWN
ubuntu22.10noarchopenvswitch< 3.0.3-0ubuntu0.22.10.3UNKNOWN
ubuntu23.04noarchopenvswitch< 3.1.0-1ubuntu1UNKNOWN
ubuntu23.10noarchopenvswitch< 3.1.0-1ubuntu1UNKNOWN
ubuntu24.04noarchopenvswitch< 3.1.0-1ubuntu1UNKNOWN
ubuntu16.04noarchopenvswitch< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	openvswitch	< 2.9.8-0ubuntu0.18.04.5	UNKNOWN
ubuntu	20.04	noarch	openvswitch	< 2.13.8-0ubuntu1.2	UNKNOWN
ubuntu	22.04	noarch	openvswitch	< 2.17.5-0ubuntu0.22.04.2	UNKNOWN
ubuntu	22.10	noarch	openvswitch	< 3.0.3-0ubuntu0.22.10.3	UNKNOWN
ubuntu	23.04	noarch	openvswitch	< 3.1.0-1ubuntu1	UNKNOWN
ubuntu	23.10	noarch	openvswitch	< 3.1.0-1ubuntu1	UNKNOWN
ubuntu	24.04	noarch	openvswitch	< 3.1.0-1ubuntu1	UNKNOWN
ubuntu	16.04	noarch	openvswitch	< any	UNKNOWN