{ "threat_severity" : "Moderate", "public_date" : "2024-03-12T00:00:00Z", "bugzilla" : { "description" : "ovn: insufficient validation of BFD packets may lead to denial of service", "id" : "2267840", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2267840" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-346", "details" : [ "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.", "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service." ], "acknowledgement" : "Red Hat would like to thank Frode Nordahl (Canonical) for reporting this issue.", "affected_release" : [ { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1385", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package" : "ovn23.06-0:23.06.1-112.el8fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1386", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package" : "ovn22.12-0:22.12.1-94.el8fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1387", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package" : "ovn22.03-0:22.03.3-71.el8fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1388", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package" : "ovn23.03-0:23.03.1-100.el8fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8", "release_date" : "2024-06-20T00:00:00Z", "advisory" : "RHSA-2024:4035", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package" : "ovn-2021-0:21.12.0-142.el8fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1390", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package" : "ovn23.09-0:23.09.0-136.el9fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1391", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package" : "ovn23.06-0:23.06.1-112.el9fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1392", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package" : "ovn22.12-0:22.12.1-94.el9fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1393", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package" : "ovn22.03-0:22.03.3-71.el9fdp" }, { "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1394", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package" : "ovn23.03-0:23.03.1-100.el9fdp" } ], "package_state" : [ { "product_name" : "Fast Datapath for RHEL 7", "fix_state" : "Out of support scope", "package_name" : "ovn2.11", "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 7", "fix_state" : "Out of support scope", "package_name" : "ovn2.12", "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 7", "fix_state" : "Out of support scope", "package_name" : "ovn2.13", "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 8", "fix_state" : "Out of support scope", "package_name" : "ovn2.11", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 8", "fix_state" : "Out of support scope", "package_name" : "ovn2.12", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 8", "fix_state" : "Out of support scope", "package_name" : "ovn2.13", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 8", "fix_state" : "Out of support scope", "package_name" : "ovn22.06", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 8", "fix_state" : "Out of support scope", "package_name" : "ovn22.09", "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 9", "fix_state" : "Affected", "package_name" : "ovn-2021", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 9", "fix_state" : "Out of support scope", "package_name" : "ovn22.06", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath" }, { "product_name" : "Fast Datapath for RHEL 9", "fix_state" : "Out of support scope", "package_name" : "ovn22.09", "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-2182\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2182\nhttps://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html\nhttps://www.openwall.com/lists/oss-security/2024/03/12/5" ], "name" : "CVE-2024-2182", "csaw" : false }