CVE-2024-2182
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
20.03.0 < * | affected | ||
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:23.06.1-112.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.12.1-94.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.03.3-71.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:23.03.1-100.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:21.12.0-142.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.09.0-136.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.06.1-112.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.12.1-94.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.03.3-71.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.03.1-100.el9fdp < * | unaffected |
Weaknesses
- CWE-346: Origin Validation Error
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2024/03/12/5
- https://access.redhat.com/errata/RHSA-2024:1385
- https://access.redhat.com/errata/RHSA-2024:1386
- https://access.redhat.com/errata/RHSA-2024:1387
- https://access.redhat.com/errata/RHSA-2024:1388
- https://access.redhat.com/errata/RHSA-2024:1390
- https://access.redhat.com/errata/RHSA-2024:1391
- https://access.redhat.com/errata/RHSA-2024:1392
- https://access.redhat.com/errata/RHSA-2024:1393
- https://access.redhat.com/errata/RHSA-2024:1394
- https://access.redhat.com/errata/RHSA-2024:4035
- https://access.redhat.com/security/cve/CVE-2024-2182
- https://bugzilla.redhat.com/show_bug.cgi?id=2267840
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
- https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
- https://www.openwall.com/lists/oss-security/2024/03/12/5
References
- https://access.redhat.com/errata/RHSA-2024:1385
- https://access.redhat.com/errata/RHSA-2024:1386
- https://access.redhat.com/errata/RHSA-2024:1387
- https://access.redhat.com/errata/RHSA-2024:1388
- https://access.redhat.com/errata/RHSA-2024:1390
- https://access.redhat.com/errata/RHSA-2024:1391
- https://access.redhat.com/errata/RHSA-2024:1392
- https://access.redhat.com/errata/RHSA-2024:1393
- https://access.redhat.com/errata/RHSA-2024:1394
- https://access.redhat.com/errata/RHSA-2024:4035
- https://access.redhat.com/security/cve/CVE-2024-2182
- https://bugzilla.redhat.com/show_bug.cgi?id=2267840
- https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
- https://www.openwall.com/lists/oss-security/2024/03/12/5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.