Описание
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Отчет
Red Hat Enterprise Linux 7 provides the openvswitch package only through the unsupported Optional repository. Customers are advised to install Open vSwitch (OVS) from RHEL Fast Datapath instead.
Red Hat OpenStack Platform 13/16 deployments are not affected because they use openvswitch directly from the Fast Datapath channel. A rhosp-openvswitch update will therefore not be provided at this time. Any updates will be distributed through that channel.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch | Affected | ||
| Fast Datapath for RHEL 7 | openvswitch2.10 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.12 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.13 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.15 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.12 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.13 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.15 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...
EPSS
5.5 Medium
CVSS3