CVE-2023-1668 — HIGH (8.2) — White Hats Nepal

Q: How severe is CVE-2023-1668?

CVE-2023-1668 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1668?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudbase Open Vswitch, Debian Debian Linux, Redhat Openshift Container Platform, Redhat Openstack Platform, Redhat Virtualization.

Vulnerability Description

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cloudbase	Open Vswitch	>= 1.5.0, < 2.13.11
Debian	Debian Linux	11.0
Redhat	Openshift Container Platform	4.0
Redhat	Openstack Platform	16.1
Redhat	Virtualization	4.0
Redhat	Fast Datapath	-
Redhat	Enterprise Linux	7.0

Related Weaknesses (CWE)

CWE-670

References

https://bugzilla.redhat.com/show_bug.cgi?id=2137666Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202311-16
https://www.debian.org/security/2023/dsa-5387Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/04/06/1Mailing ListMitigationPatch
https://bugzilla.redhat.com/show_bug.cgi?id=2137666Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202311-16
https://www.debian.org/security/2023/dsa-5387Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/04/06/1Mailing ListMitigationPatch

FAQ

What is CVE-2023-1668?

CVE-2023-1668 is a vulnerability with a CVSS score of 8.2 (HIGH). A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel ...

How severe is CVE-2023-1668?

CVE-2023-1668 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1668?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudbase Open Vswitch, Debian Debian Linux, Redhat Openshift Container Platform, Redhat Openstack Platform, Redhat Virtualization.