Openvswitch don't match packets on nd_target field
CVE-2023-5366
7.1HIGH
Summary
A vulnerability exists in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass established OpenFlow rules. This flaw enables a local attacker to craft specially modified packets with a spoofed target IP address, potentially redirecting ICMPv6 traffic to unintended destinations. This situation presents a significant risk, as it can be exploited to disrupt communication within virtual networks, affecting the integrity and availability of network services.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat).