{
  "threat_severity" : "Important",
  "public_date" : "2024-01-21T00:00:00Z",
  "bugzilla" : {
    "description" : "ovn: egress ACLs may be bypassed via specially crafted UDP packet",
    "id" : "2339537",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2339537"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-284",
  "details" : [ "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.", "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network." ],
  "statement" : "Fixes for OpenShift Container Platform ovn component will be consumed from RHEL Fast Datapath.",
  "affected_release" : [ {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1083",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn22.03-0:22.03.7-11.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1084",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn22.06-0:22.06.0-273.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn22.09-0:22.09.2-86.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1086",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn22.12-0:22.12.1-107.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1087",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn23.03-0:23.03.3-22.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1088",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "ovn23.06-0:23.06.4-26.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1089",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn22.03-0:22.03.7-11.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1090",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn22.06-0:22.06.0-273.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1091",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn22.09-0:22.09.2-86.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1092",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn22.12-0:22.12.1-107.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1093",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn23.03-0:23.03.3-22.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1094",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn23.06-0:23.06.4-26.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1095",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn23.09-0:23.09.6-12.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1096",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn24.03-0:24.03.4-53.el9fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-05T00:00:00Z",
    "advisory" : "RHSA-2025:1097",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath",
    "package" : "ovn24.09-0:24.09.1-66.el9fdp"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ovn22.06",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ovn22.09",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ovn22.12",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ovn23.03",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "ovn23.06",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "ovn23.09",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "ovn24.03",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "ovn24.09",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-0650\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0650\nhttps://www.openwall.com/lists/oss-security/2025/01/22/5" ],
  "name" : "CVE-2025-0650",
  "mitigation" : {
    "value" : "Red Hat Product Security has not identified any mitigations at this time. We recommend updating to a known patched version of OVN.",
    "lang" : "en:us"
  },
  "csaw" : false
}