Crafted Geneve Packets May Cause Denial of Service and Invalid Memory Accesses in Open vSwitch
CVE-2023-3966

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Openvswitch; Fast Datapath For Rhel 7; Fast Datapath For Rhel 8; Fast Datapath For Rhel 9
Vendor: CVE Published:; 22 February 2024

Summary

A vulnerability in Open vSwitch has been identified where multiple versions are susceptible to maliciously crafted Geneve packets. This flaw has the potential to lead to denial of service by causing invalid memory accesses. Exploitation of this vulnerability necessitates that hardware offloading via the netlink path is enabled, making systems at risk particularly those that utilize specific network configurations.

Affected Version(s)

openvswitch 3.1.0

References

https://access.redhat.com/security/cve/CVE-2023-3966

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2178363

issue-trackingx_refsource_REDHAT

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2024
Vulnerability Reserved
Jul 26, 2023

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat).