Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-5366

Published: 6 October 2023

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

Notes

AuthorNote
mdeslaur 
This was originally marked as fixed in USN-6514-1, but the fix
was incomplete. See the ovs-announce list post for the new
commits to fix this issue.
The bp commits below are required in addition to the other
commits.

Priority

Medium

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian 		bionic Needed

focal
Released (2.13.8-0ubuntu1.4)
jammy
Released (2.17.9-0ubuntu0.22.04.1)
lunar Ignored
(end of life)
mantic
Released (3.2.2-0ubuntu0.23.10.1)
trusty Ignored
(end of standard support)
upstream
Released (3.2.2,3.1.4,3.0.6,2.17.9)
xenial Ignored
(changes too intrusive)
Patches:
upstream: https://github.com/openvswitch/ovs/commit/61003d0280625e15796f18d14ce1b5f46e560f3e
upstream: https://github.com/openvswitch/ovs/commit/7570744c5add3a91b468c4ffa5bc73ef1f5bb18a
upstream: https://github.com/openvswitch/ovs/commit/d3f9eab1abbb6a11c2a166472c184f54fd740bf1
upstream: https://github.com/openvswitch/ovs/commit/a6c0a3deb268f34faef0062e2c05ece563d50ecb
upstream: https://github.com/openvswitch/ovs/commit/e235a421fbdb0c70176e8a3bef13bf7e2056cbc1
upstream: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459
upstream: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c
upstream: https://github.com/openvswitch/ovs/commit/132fa24b656e1bc45b6ce8ee9ab0206fa6930f65

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading