CVE-2023-1668

CVE	CVE-2023-1668
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-10 22:15:00 UTC
Updated	2023-11-26 11:15:00 UTC
Description	A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Problem Types: CWE-670

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cloudbase	Open Vswitch	All	All	All	All
Application	Cloudbase	Open Vswitch	3.1.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Redhat	Fast Datapath	-	All	All	All
Application	Redhat	Openshift Container Platform	4.0	All	All	All
Application	Redhat	Openstack Platform	16.1	All	All	All
Application	Redhat	Openstack Platform	16.2	All	All	All
Application	Redhat	Openstack Platform	17.0	All	All	All
Application	Redhat	Virtualization	4.0	All	All	All

Reference	Source	Link	Tags
Bug Access Denied	MISC	bugzilla.redhat.com
[SECURITY] Fedora 38 Update: openvswitch-3.1.1-1.fc38 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Open vSwitch: Multiple Vulnerabilities (GLSA 202311-16) — Gentoo security		security.gentoo.org
oss-security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0	MISC	www.openwall.com
[SECURITY] Fedora 38 Update: openvswitch-3.1.1-1.fc38 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 3410-1] openvswitch security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-5387-1 openvswitch	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

181735 Debian Security Update for openvswitch (DSA 5387-1)
181760 Debian Security Update for openvswitch (DLA 3410-1)
182832 Debian Security Update for openvswitch (CVE-2023-1668)
199328 Ubuntu Security Notification for Open vSwitch Vulnerability (USN-6068-1)
284172 Fedora Security Update for openvswitch (FEDORA-2023-7da03dc2ae)
503210 Alpine Linux Security Update for openvswitch
503547 Alpine Linux Security Update for openvswitch
506147 Alpine Linux Security Update for openvswitch
506148 Alpine Linux Security Update for openvswitch
710800 Gentoo Linux Open vSwitch Multiple Vulnerabilities (GLSA 202311-16)
754034 SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2275-1)
754035 SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2274-1)
754130 SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2621-1)
906924 Common Base Linux Mariner (CBL-Mariner) Security Update for openvswitch (26031-1)