Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-1668

Published: 10 April 2023

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Priority

Medium

Cvss 3 Severity Score

8.2

Score breakdown

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian 		bionic
Released (2.9.8-0ubuntu0.18.04.5)
focal
Released (2.13.8-0ubuntu1.2)
jammy
Released (2.17.5-0ubuntu0.22.04.2)
kinetic
Released (3.0.3-0ubuntu0.22.10.3)
lunar
Released (3.1.0-1ubuntu1)
mantic
Released (3.1.0-1ubuntu1)
noble
Released (3.1.0-1ubuntu1)
trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/openvswitch/ovs/commit/9d840923d32124fe427de76e8234c49d64e4bb77
upstream: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9
upstream: https://github.com/openvswitch/ovs/commit/0ec9af260ad84225e758d249fa32151ddf8a6520
upstream: https://github.com/openvswitch/ovs/commit/27fb5db7f727ffc056f024f9ba4936facccb5f40
upstream: https://github.com/openvswitch/ovs/commit/42f2b4b9b9a3c11d38f180bf1e35c47b77cd4ce8
upstream: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6
upstream: https://github.com/openvswitch/ovs/commit/b46505f4d26cd4612a533687e7884efcb7a74111
upstream: https://github.com/openvswitch/ovs/commit/7fa0106e8594c34f9e16efd87a58e38a947c6c5b

Severity score breakdown

Parameter Value
Base score 8.2
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading