SUSE-SU-2026:20049-1
Vulnerability from csaf_suse - Published: 2026-01-09 10:54 - Updated: 2026-01-09 10:54Summary
Security update for openvswitch
Notes
Title of the patch
Security update for openvswitch
Description of the patch
This update for openvswitch fixes the following issues:
Update OpenvSwitch to v3.1.7 and OVN to v23.03.3.
Security issues fixed:
- CVE-2023-3966: ovs: invalid memory access and potential denial of service via specially crafted Geneve packets
(bsc#1219465).
- CVE-2023-5366: ovs: OpenFlow rules may be bypassed via specially crafted ICMPv6 Neighbor Advertisement packets sent
between virtual machines t(bsc#1216002).
- CVE-2024-2182: ovn: denial of service via injection of specially crafted BFD packets from inside unprivileged
workloads (bsc#1255435).
- CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet (bsc#1236353).
Other updates and bugfixes:
- OpenvSwitch:
* https://www.openvswitch.org/releases/NEWS-3.1.7.txt
* v3.1.7
- Bug fixes
- OVS validated with DPDK 22.11.7.
* v3.1.6
- Bug fixes
- OVS validated with DPDK 22.11.6.
* v3.1.5
- Bug fixes
- OVS validated with DPDK 22.11.5.
* v3.1.4
- Bug fixes
- OVS validated with DPDK 22.11.4.
- OVN:
* https://github.com/ovn-org/ovn/blob/branch-23.03/NEWS
* v23.03.3
- Bug fixes
- Add "garp-max-timeout-sec" config option to vswitchd external-ids to cap the time between when ovn-controller
sends gARP packets.
* v23.03.1
- Bug fixes
- CT entries are not flushed by default anymore whenever a load balancer backend is removed. A new, per-LB, option
'ct_flush' can be used to restore the previous behavior. Disabled by default.
- Always allow IPv6 Router Discovery, Neighbor Discovery, and Multicast Listener Discovery protocols, regardless of
ACLs defined.
- Send ICMP Fragmentation Needed packets back to offending ports when communicating with multichassis ports using
frames that don't fit through a tunnel. This is done only for logical switches that are attached to a physical
network via a localnet port, in which case multichassis ports may have an effective MTU different from regular
ports and hence may need this mechanism to maintain connectivity with other peers in the network.
- ECMP routes use L4_SYM dp-hash by default if the datapath supports it. Existing sessions might get re-hashed to a
different ECMP path when OVN detects the algorithm support in the datapath during an upgrade or restart of
ovn-controller.
Patchnames
SUSE-SLE-Micro-6.0-554
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openvswitch",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openvswitch fixes the following issues:\n\nUpdate OpenvSwitch to v3.1.7 and OVN to v23.03.3.\n\nSecurity issues fixed:\n\n- CVE-2023-3966: ovs: invalid memory access and potential denial of service via specially crafted Geneve packets\n (bsc#1219465).\n- CVE-2023-5366: ovs: OpenFlow rules may be bypassed via specially crafted ICMPv6 Neighbor Advertisement packets sent\n between virtual machines t(bsc#1216002).\n- CVE-2024-2182: ovn: denial of service via injection of specially crafted BFD packets from inside unprivileged\n workloads (bsc#1255435).\n- CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet (bsc#1236353).\n\nOther updates and bugfixes:\n\n- OpenvSwitch:\n * https://www.openvswitch.org/releases/NEWS-3.1.7.txt\n * v3.1.7\n - Bug fixes\n - OVS validated with DPDK 22.11.7.\n * v3.1.6\n - Bug fixes\n - OVS validated with DPDK 22.11.6.\n * v3.1.5\n - Bug fixes\n - OVS validated with DPDK 22.11.5.\n * v3.1.4\n - Bug fixes\n - OVS validated with DPDK 22.11.4.\n- OVN:\n * https://github.com/ovn-org/ovn/blob/branch-23.03/NEWS\n * v23.03.3\n - Bug fixes\n - Add \"garp-max-timeout-sec\" config option to vswitchd external-ids to cap the time between when ovn-controller\n sends gARP packets.\n * v23.03.1\n - Bug fixes\n - CT entries are not flushed by default anymore whenever a load balancer backend is removed. A new, per-LB, option\n \u0027ct_flush\u0027 can be used to restore the previous behavior. Disabled by default.\n - Always allow IPv6 Router Discovery, Neighbor Discovery, and Multicast Listener Discovery protocols, regardless of\n ACLs defined.\n - Send ICMP Fragmentation Needed packets back to offending ports when communicating with multichassis ports using\n frames that don\u0027t fit through a tunnel. This is done only for logical switches that are attached to a physical\n network via a localnet port, in which case multichassis ports may have an effective MTU different from regular\n ports and hence may need this mechanism to maintain connectivity with other peers in the network.\n - ECMP routes use L4_SYM dp-hash by default if the datapath supports it. Existing sessions might get re-hashed to a\n different ECMP path when OVN detects the algorithm support in the datapath during an upgrade or restart of\n ovn-controller.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-554",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20049-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20049-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620049-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20049-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023759.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216002",
"url": "https://bugzilla.suse.com/1216002"
},
{
"category": "self",
"summary": "SUSE Bug 1219465",
"url": "https://bugzilla.suse.com/1219465"
},
{
"category": "self",
"summary": "SUSE Bug 1236353",
"url": "https://bugzilla.suse.com/1236353"
},
{
"category": "self",
"summary": "SUSE Bug 1255435",
"url": "https://bugzilla.suse.com/1255435"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3966 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5366 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2182 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0650/"
}
],
"title": "Security update for openvswitch",
"tracking": {
"current_release_date": "2026-01-09T10:54:58Z",
"generator": {
"date": "2026-01-09T10:54:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20049-1",
"initial_release_date": "2026-01-09T10:54:58Z",
"revision_history": [
{
"date": "2026-01-09T10:54:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"product": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"product_id": "libopenvswitch-3_1-0-3.1.7-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "openvswitch-3.1.7-4.1.aarch64",
"product": {
"name": "openvswitch-3.1.7-4.1.aarch64",
"product_id": "openvswitch-3.1.7-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"product": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"product_id": "libopenvswitch-3_1-0-3.1.7-4.1.s390x"
}
},
{
"category": "product_version",
"name": "openvswitch-3.1.7-4.1.s390x",
"product": {
"name": "openvswitch-3.1.7-4.1.s390x",
"product_id": "openvswitch-3.1.7-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"product": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"product_id": "libopenvswitch-3_1-0-3.1.7-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "openvswitch-3.1.7-4.1.x86_64",
"product": {
"name": "openvswitch-3.1.7-4.1.x86_64",
"product_id": "openvswitch-3.1.7-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64"
},
"product_reference": "libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x"
},
"product_reference": "libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenvswitch-3_1-0-3.1.7-4.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64"
},
"product_reference": "libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvswitch-3.1.7-4.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64"
},
"product_reference": "openvswitch-3.1.7-4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvswitch-3.1.7-4.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x"
},
"product_reference": "openvswitch-3.1.7-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvswitch-3.1.7-4.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
},
"product_reference": "openvswitch-3.1.7-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3966"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3966",
"url": "https://www.suse.com/security/cve/CVE-2023-3966"
},
{
"category": "external",
"summary": "SUSE Bug 1219465 for CVE-2023-3966",
"url": "https://bugzilla.suse.com/1219465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T10:54:58Z",
"details": "important"
}
],
"title": "CVE-2023-3966"
},
{
"cve": "CVE-2023-5366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5366"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5366",
"url": "https://www.suse.com/security/cve/CVE-2023-5366"
},
{
"category": "external",
"summary": "SUSE Bug 1216002 for CVE-2023-5366",
"url": "https://bugzilla.suse.com/1216002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T10:54:58Z",
"details": "important"
}
],
"title": "CVE-2023-5366"
},
{
"cve": "CVE-2024-2182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2182"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2182",
"url": "https://www.suse.com/security/cve/CVE-2024-2182"
},
{
"category": "external",
"summary": "SUSE Bug 1255435 for CVE-2024-2182",
"url": "https://bugzilla.suse.com/1255435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T10:54:58Z",
"details": "moderate"
}
],
"title": "CVE-2024-2182"
},
{
"cve": "CVE-2025-0650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0650"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0650",
"url": "https://www.suse.com/security/cve/CVE-2025-0650"
},
{
"category": "external",
"summary": "SUSE Bug 1236353 for CVE-2025-0650",
"url": "https://bugzilla.suse.com/1236353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:libopenvswitch-3_1-0-3.1.7-4.1.x86_64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.aarch64",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.s390x",
"SUSE Linux Micro 6.0:openvswitch-3.1.7-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T10:54:58Z",
"details": "important"
}
],
"title": "CVE-2025-0650"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…