{
  "threat_severity" : "Important",
  "public_date" : "2024-02-08T00:00:00Z",
  "bugzilla" : {
    "description" : "openvswitch: ovs-vswitch fails to recover after malformed geneve metadata packet",
    "id" : "2178363",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-248",
  "details" : [ "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.", "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled." ],
  "acknowledgement" : "This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2024-03-07T00:00:00Z",
    "advisory" : "RHSA-2024:1234",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch2.17-0:2.17.0-148.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2024-03-07T00:00:00Z",
    "advisory" : "RHSA-2024:1235",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch3.1-0:3.1.0-96.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2024-03-07T00:00:00Z",
    "advisory" : "RHSA-2024:1227",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "openvswitch3.1-0:3.1.0-88.el9fdp"
  } ],
  "package_state" : [ {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.15",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.16",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.17",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch3.0",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch3.2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Not affected",
    "package_name" : "openvswitch-ovn-kubernetes",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-3966\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3966" ],
  "name" : "CVE-2023-3966",
  "csaw" : false
}