CVE-2024-2182
MEDIUM
Open Virtual Network BFD Packets - Denial of Service
Title source: manual
Description
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
References (18)
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2267840
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1385
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1386
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1387
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1388
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1390
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1391
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1392
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1393
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1394
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4035
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-2182
Scores
CVSS v3
6.5
EPSS
0.0078
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-346
Status
published
Products (13)
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8
0:21.12.0-142.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8
0:22.03.3-71.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8
0:22.12.1-94.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8
0:23.03.1-100.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8
0:23.06.1-112.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9
0:22.03.3-71.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9
0:22.12.1-94.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9
0:23.03.1-100.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9
0:23.06.1-112.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9
0:23.09.0-136.el9fdp
... and 3 more
Published
Mar 12, 2024
Tracked Since
Feb 18, 2026