A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| cloudbase | open_vswitch | 1.5.0 - 2.13.11 | - |
| cloudbase | open_vswitch | 2.14.0 - 2.14.9 | - |
| cloudbase | open_vswitch |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
14
Affected Products
12
References
cloudbase / open_vswitch
| 2.15.0 - 2.15.8 |
| - |
| cloudbase | open_vswitch | 2.16.0 - 2.16.7 | - |
| cloudbase | open_vswitch | 2.17.0 - 2.17.6 | - |
| cloudbase | open_vswitch | 3.0.0 - 3.0.4 | - |
| cloudbase | open_vswitch | - | - |
| debian | debian_linux | - | - |
| redhat | openshift_container_platform | - | - |
| redhat | openstack_platform | - | - |
| redhat | openstack_platform | - | - |
| redhat | openstack_platform | - | - |
| redhat | virtualization | - | - |
| redhat | fast_datapath | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability
Impact