CVE-2026-5367

HIGH

OVN: ovn: information disclosure via crafted DHCPv6 packets

Title source: cna

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
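
The length check that this class of flaw (CWE-130) omits, shown as an added example that is not OVN's code: a DHCPv6 option walker that rejects any option whose declared length exceeds the bytes actually left in the packet. The function name and sample packets are hypothetical and constructed for illustration; the message layout and codes (SOLICIT = 1, Client ID option = 1) follow RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCPV6_MSG_SOLICIT  1  /* RFC 8415 message type */
#define DHCPV6_OPT_CLIENTID 1  /* RFC 8415 option code */
#define DHCPV6_HDR_LEN      4  /* msg-type (1) + transaction-id (3) */
#define DHCPV6_OPT_HDR_LEN  4  /* option-code (2) + option-len (2) */

/* Read a big-endian 16-bit value without assuming alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: find the Client ID option in a DHCPv6 payload of 'len'
 * bytes. Returns 0 and sets *id / *id_len on success; -1 if the message is
 * truncated, not a SOLICIT, lacks a Client ID, or declares an option length
 * larger than the bytes remaining in the packet. */
int dhcpv6_find_client_id(const uint8_t *msg, size_t len,
                          const uint8_t **id, size_t *id_len)
{
    if (len < DHCPV6_HDR_LEN || msg[0] != DHCPV6_MSG_SOLICIT)
        return -1;
    size_t off = DHCPV6_HDR_LEN;          /* invariant: off <= len */
    while (len - off >= DHCPV6_OPT_HDR_LEN) {
        uint16_t code = rd16(msg + off);
        uint16_t olen = rd16(msg + off + 2);
        off += DHCPV6_OPT_HDR_LEN;
        /* Never trust option-len: compare it with what is really there. */
        if (olen > len - off)
            return -1;
        if (code == DHCPV6_OPT_CLIENTID) {
            *id = msg + off;
            *id_len = olen;
            return 0;
        }
        off += olen;
    }
    return -1;
}

/* Constructed samples: a SOLICIT with a 4-byte Client ID, and the same bytes
 * with option-len inflated to 0x0100 (256). */
static const uint8_t ok_pkt[]  = {1, 0xaa,0xbb,0xcc, 0,1, 0,4, 0xde,0xad,0xbe,0xef};
static const uint8_t bad_pkt[] = {1, 0xaa,0xbb,0xcc, 0,1, 1,0, 0xde,0xad,0xbe,0xef};

int main(void)
{
    const uint8_t *id; size_t n;
    printf("valid:    %d\n", dhcpv6_find_client_id(ok_pkt, sizeof ok_pkt, &id, &n));
    printf("inflated: %d\n", dhcpv6_find_client_id(bad_pkt, sizeof bad_pkt, &id, &n));
    return 0;
}
```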

Scores

CVSS v3 8.6
EPSS 0.0006
EPSS Percentile 18.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-130
Status published
Products (12)
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8 0:21.12.0-145.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8 0:23.06.4-30.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:23.06.4-30.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:23.09.6-16.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:24.03.7-82.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:25.03.2-100.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:25.09.2-103.el9fdp
Red Hat/Fast Datapath for RHEL 10
Red Hat/Fast Datapath for RHEL 7
Red Hat/Fast Datapath for RHEL 8
... and 2 more
Published Apr 24, 2026
Tracked Since Apr 24, 2026