RHSA-2026:11701
Vulnerability from csaf_redhat - Published: 2026-04-29 12:44 - Updated: 2026-04-29 18:27Summary
Red Hat Security Advisory: ovn25.03 security update
Severity
Important
Notes
Topic: An update for ovn25.03 is now available for Fast Datapath for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups.
Security Fix(es):
* ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265)
* ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:11701
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
8.6 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:11701
Workaround
The only potential mitigation is to disable the DHCPv6 feature for
workloads attached to OVN logical ports, e.g.:
ovn-nbctl clear logical_switch_port <workload-port> dhcpv6_options.
We do not recommend mitigating the vulnerability this way because it
will also disable legitimate DHCPv6 traffic originating from
workloads connected to logical switch ports.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ovn25.03 is now available for Fast Datapath for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups.\n\nSecurity Fix(es):\n\n* ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265)\n\n* ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11701",
"url": "https://access.redhat.com/errata/RHSA-2026:11701"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2453458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453458"
},
{
"category": "external",
"summary": "2455863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455863"
},
{
"category": "external",
"summary": "FDP-3262",
"url": "https://issues.redhat.com/browse/FDP-3262"
},
{
"category": "external",
"summary": "FDP-3487",
"url": "https://issues.redhat.com/browse/FDP-3487"
},
{
"category": "external",
"summary": "FDP-3499",
"url": "https://issues.redhat.com/browse/FDP-3499"
},
{
"category": "external",
"summary": "FDP-3540",
"url": "https://issues.redhat.com/browse/FDP-3540"
},
{
"category": "external",
"summary": "FDP-3696",
"url": "https://issues.redhat.com/browse/FDP-3696"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11701.json"
}
],
"title": "Red Hat Security Advisory: ovn25.03 security update",
"tracking": {
"current_release_date": "2026-04-29T18:27:22+00:00",
"generator": {
"date": "2026-04-29T18:27:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:11701",
"initial_release_date": "2026-04-29T12:44:55+00:00",
"revision_history": [
{
"date": "2026-04-29T12:44:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T12:44:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T18:27:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fast Datapath for Red Hat Enterprise Linux 9",
"product": {
"name": "Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
}
}
}
],
"category": "product_family",
"name": "Fast Datapath"
},
{
"branches": [
{
"category": "product_version",
"name": "ovn25.03-0:25.03.2-100.el9fdp.src",
"product": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.src",
"product_id": "ovn25.03-0:25.03.2-100.el9fdp.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03@25.03.2-100.el9fdp?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debugsource@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central-debuginfo@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debuginfo@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host-debuginfo@25.03.2-100.el9fdp?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_id": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep-debuginfo@25.03.2-100.el9fdp?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debugsource@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central-debuginfo@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debuginfo@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host-debuginfo@25.03.2-100.el9fdp?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_id": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep-debuginfo@25.03.2-100.el9fdp?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debugsource@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central-debuginfo@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debuginfo@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host-debuginfo@25.03.2-100.el9fdp?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_id": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep-debuginfo@25.03.2-100.el9fdp?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ovn25.03-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debugsource@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-central-debuginfo@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-debuginfo@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-host-debuginfo@25.03.2-100.el9fdp?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_id": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovn25.03-vtep-debuginfo@25.03.2-100.el9fdp?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.src as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src"
},
"product_reference": "ovn25.03-0:25.03.2-100.el9fdp.src",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64"
},
"product_reference": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le"
},
"product_reference": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x"
},
"product_reference": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"relates_to_product_reference": "9Base-Fast-Datapath"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64 as a component of Fast Datapath for Red Hat Enterprise Linux 9",
"product_id": "9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
},
"product_reference": "ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"relates_to_product_reference": "9Base-Fast-Datapath"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5265",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453458"
}
],
"notes": [
{
"category": "description",
"text": "When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header\u0027s self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5265"
},
{
"category": "external",
"summary": "RHBZ#2453458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5265",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5265"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5265",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5265"
}
],
"release_date": "2026-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T12:44:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11701"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue"
},
{
"cve": "CVE-2026-5367",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-04-07T08:10:53.507000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker\u0027s virtual machine port.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ovn: OVN: Information disclosure via crafted DHCPv6 packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An Important information disclosure flaw exists in OVN (Open Virtual Network) where a remote attacker can send specially crafted DHCPv6 SOLICIT packets to the `ovn-controller`. This can lead to an out-of-bounds read, disclosing sensitive heap memory information back to the attacker\u0027s virtual machine port. This vulnerability affects OVN deployments where DHCPv6 is enabled for logical switch ports.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5367"
},
{
"category": "external",
"summary": "RHBZ#2455863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5367"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5367",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5367"
}
],
"release_date": "2026-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T12:44:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11701"
},
{
"category": "workaround",
"details": "The only potential mitigation is to disable the DHCPv6 feature for\nworkloads attached to OVN logical ports, e.g.:\n\novn-nbctl clear logical_switch_port \u003cworkload-port\u003e dhcpv6_options.\n\nWe do not recommend mitigating the vulnerability this way because it\nwill also disable legitimate DHCPv6 traffic originating from\nworkloads connected to logical switch ports.",
"product_ids": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.src",
"9Base-Fast-Datapath:ovn25.03-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-central-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-debugsource-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-host-debuginfo-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-0:25.03.2-100.el9fdp.x86_64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.aarch64",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.ppc64le",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.s390x",
"9Base-Fast-Datapath:ovn25.03-vtep-debuginfo-0:25.03.2-100.el9fdp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ovn: OVN: Information disclosure via crafted DHCPv6 packets"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…