Openvswitch don't match packets on nd_target field
CVE-2023-5366

7.1HIGH

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
6 October 2023

Summary

A vulnerability exists in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass established OpenFlow rules. This flaw enables a local attacker to craft specially modified packets with a spoofed target IP address, potentially redirecting ICMPv6 traffic to unintended destinations. This situation presents a significant risk, as it can be exploited to disrupt communication within virtual networks, affecting the integrity and availability of network services.

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat).
.