CVE-2023-1668
HIGHOpen vSwitch 1.5.0-2.13.10 - Always-Incorrect Control Flow Implementation in IP Packet Handling
Title source: llmDescription
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
References (6)
Core 6
Core References
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2137666
Mailing List, Mitigation, Patch
https://www.openwall.com/lists/oss-security/2023/04/06/1
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5387
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-16
Scores
CVSS v3
8.2
EPSS
0.0123
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-670
Status
published
Products (9)
cloudbase/open_vswitch
3.1.0
cloudbase/open_vswitch
1.5.0 - 2.13.11
debian/debian_linux
11.0
redhat/fast_datapath
redhat/openshift_container_platform
4.0
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
redhat/openstack_platform
17.0
redhat/virtualization
4.0
Published
Apr 10, 2023
Tracked Since
Feb 18, 2026