CVE-2023-5366

2023-10-0600:00:00

ubuntu.com

open vswitch

icmpv6

neighbor advertisement

openflow rules

spoofed ip address

traffic redirection

bugzilla

usn-6514-1

ovs-announce list post

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement
packets between virtual machines to bypass OpenFlow rules. This issue may
allow a local attacker to create specially crafted packets with a modified
or spoofed target IP address field that can redirect ICMPv6 traffic to
arbitrary IP addresses.

Bugs

Notes

Author	Note
mdeslaur	This was originally marked as fixed in USN-6514-1, but the fix was incomplete. See the ovs-announce list post for the new commits to fix this issue. The bp commits below are required in addition to the other commits.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenvswitch< anyUNKNOWN
ubuntu20.04noarchopenvswitch< 2.13.8-0ubuntu1.4UNKNOWN
ubuntu22.04noarchopenvswitch< 2.17.9-0ubuntu0.22.04.1UNKNOWN
ubuntu23.10noarchopenvswitch< 3.2.2-0ubuntu0.23.10.1UNKNOWN
ubuntu24.04noarchopenvswitch< 3.3.0~git20240118.e802fe7-3ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	openvswitch	< any	UNKNOWN
ubuntu	20.04	noarch	openvswitch	< 2.13.8-0ubuntu1.4	UNKNOWN
ubuntu	22.04	noarch	openvswitch	< 2.17.9-0ubuntu0.22.04.1	UNKNOWN
ubuntu	23.10	noarch	openvswitch	< 3.2.2-0ubuntu0.23.10.1	UNKNOWN
ubuntu	24.04	noarch	openvswitch	< 3.3.0~git20240118.e802fe7-3ubuntu1	UNKNOWN