CVE-2025-0650
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
22.03.8 | unaffected | ||
24.03.5 | unaffected | ||
24.09.2 | unaffected | ||
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.03.7-11.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.06.0-273.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.09.2-86.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:22.12.1-107.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:23.03.3-22.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | 0:23.06.4-26.el8fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.03.7-11.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.06.0-273.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.09.2-86.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:22.12.1-107.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.03.3-22.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.06.4-26.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:23.09.6-12.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:24.03.4-53.el9fdp < * | unaffected |
| Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | 0:24.09.1-66.el9fdp < * | unaffected |
Weaknesses
- CWE-284: Improper Access Control
Workarounds
Red Hat Product Security has not identified any mitigations at this time. We recommend updating to a known patched version of OVN.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2025:1083
- https://access.redhat.com/errata/RHSA-2025:1084
- https://access.redhat.com/errata/RHSA-2025:1085
- https://access.redhat.com/errata/RHSA-2025:1086
- https://access.redhat.com/errata/RHSA-2025:1087
- https://access.redhat.com/errata/RHSA-2025:1088
- https://access.redhat.com/errata/RHSA-2025:1089
- https://access.redhat.com/errata/RHSA-2025:1090
- https://access.redhat.com/errata/RHSA-2025:1091
- https://access.redhat.com/errata/RHSA-2025:1092
- https://access.redhat.com/errata/RHSA-2025:1093
- https://access.redhat.com/errata/RHSA-2025:1094
- https://access.redhat.com/errata/RHSA-2025:1095
- https://access.redhat.com/errata/RHSA-2025:1096
- https://access.redhat.com/errata/RHSA-2025:1097
- https://access.redhat.com/security/cve/CVE-2025-0650
- https://bugzilla.redhat.com/show_bug.cgi?id=2339537
- https://www.openwall.com/lists/oss-security/2025/01/22/5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.