All the vulnerabilites related to Red Hat - Fast Datapath for Red Hat Enterprise Linux 9
cve-2024-2182
Vulnerability from cvelistv5
Published
2024-03-12 16:18
Modified
2024-11-15 15:29
Severity ?
EPSS score ?
Summary
Ovn: insufficient validation of bfd packets may lead to denial of service
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2182", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-13T14:24:40.610508Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:21.535Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:03:39.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/12/5" }, { "name": "RHSA-2024:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1385" }, { "name": "RHSA-2024:1386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1386" }, { "name": "RHSA-2024:1387", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1387" }, { "name": "RHSA-2024:1388", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1388" }, { "name": "RHSA-2024:1390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1390" }, { "name": "RHSA-2024:1391", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1391" }, { "name": "RHSA-2024:1392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1392" }, { "name": "RHSA-2024:1393", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1393" }, { "name": "RHSA-2024:1394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1394" }, { "name": "RHSA-2024:4035", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4035" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2182" }, { "name": "RHBZ#2267840", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267840" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/" }, { "tags": [ "x_transferred" ], "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/03/12/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://www.github.com/ovn-org/ovn/", "defaultStatus": "unaffected", "packageName": "ovn", "versions": [ { "lessThan": "*", "status": "affected", "version": "20.03.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.06", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.06.1-112.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.12.1-94.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.03.3-71.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.03", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.03.1-100.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:21.12.0-142.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.09", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.09.0-136.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.06", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.06.1-112.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.12.1-94.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.03.3-71.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.03", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.03.1-100.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Frode Nordahl (Canonical) for reporting this issue." } ], "datePublic": "2024-03-12T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:29:03.042Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1385" }, { "name": "RHSA-2024:1386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1386" }, { "name": "RHSA-2024:1387", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1387" }, { "name": "RHSA-2024:1388", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1388" }, { "name": "RHSA-2024:1390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1390" }, { "name": "RHSA-2024:1391", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1391" }, { "name": "RHSA-2024:1392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1392" }, { "name": "RHSA-2024:1393", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1393" }, { "name": "RHSA-2024:1394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1394" }, { "name": "RHSA-2024:4035", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4035" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2182" }, { "name": "RHBZ#2267840", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267840" }, { "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html" }, { "url": "https://www.openwall.com/lists/oss-security/2024/03/12/5" } ], "timeline": [ { "lang": "en", "time": "2024-03-04T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-12T00:00:00+00:00", "value": "Made public." } ], "title": "Ovn: insufficient validation of bfd packets may lead to denial of service", "x_redhatCweChain": "CWE-346: Origin Validation Error" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-2182", "datePublished": "2024-03-12T16:18:31.829Z", "dateReserved": "2024-03-05T00:40:55.429Z", "dateUpdated": "2024-11-15T15:29:03.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }