CVE-2025-0650 - Vulnerability Details

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift

No data.

Package	CPE	Advisory	Released Date
Fast Datapath for Red Hat Enterprise Linux 8
ovn22.03-0:22.03.7-11.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1083	2025-02-05T00:00:00Z
ovn22.06-0:22.06.0-273.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1084	2025-02-05T00:00:00Z
ovn22.09-0:22.09.2-86.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1085	2025-02-05T00:00:00Z
ovn22.12-0:22.12.1-107.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1086	2025-02-05T00:00:00Z
ovn23.03-0:23.03.3-22.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1087	2025-02-05T00:00:00Z
ovn23.06-0:23.06.4-26.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:1088	2025-02-05T00:00:00Z
Fast Datapath for Red Hat Enterprise Linux 9
ovn22.03-0:22.03.7-11.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1089	2025-02-05T00:00:00Z
ovn22.06-0:22.06.0-273.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1090	2025-02-05T00:00:00Z
ovn22.09-0:22.09.2-86.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1091	2025-02-05T00:00:00Z
ovn22.12-0:22.12.1-107.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1092	2025-02-05T00:00:00Z
ovn23.03-0:23.03.3-22.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1093	2025-02-05T00:00:00Z
ovn23.06-0:23.06.4-26.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1094	2025-02-05T00:00:00Z
ovn23.09-0:23.09.6-12.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1095	2025-02-05T00:00:00Z
ovn24.03-0:24.03.4-53.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1096	2025-02-05T00:00:00Z
ovn24.09-0:24.09.1-66.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:1097	2025-02-05T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/01/22/11
https://access.redhat.com/errata/RHSA-2025:1083
https://access.redhat.com/errata/RHSA-2025:1084
https://access.redhat.com/errata/RHSA-2025:1085
https://access.redhat.com/errata/RHSA-2025:1086
https://access.redhat.com/errata/RHSA-2025:1087
https://access.redhat.com/errata/RHSA-2025:1088
https://access.redhat.com/errata/RHSA-2025:1089
https://access.redhat.com/errata/RHSA-2025:1090
https://access.redhat.com/errata/RHSA-2025:1091
https://access.redhat.com/errata/RHSA-2025:1092
https://access.redhat.com/errata/RHSA-2025:1093
https://access.redhat.com/errata/RHSA-2025:1094
https://access.redhat.com/errata/RHSA-2025:1095
https://access.redhat.com/errata/RHSA-2025:1096
https://access.redhat.com/errata/RHSA-2025:1097
https://access.redhat.com/security/cve/CVE-2025-0650
https://bugzilla.redhat.com/show_bug.cgi?id=2339537
https://nvd.nist.gov/vuln/detail/CVE-2025-0650
https://www.cve.org/CVERecord?id=CVE-2025-0650
https://www.openwall.com/lists/oss-security/2025/01/22/5

History

Thu, 13 Feb 2025 01:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-0650 https://www.cve.org/CVERecord?id=CVE-2025-0650
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 06 Feb 2025 09:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1083 https://access.redhat.com/errata/RHSA-2025:1084 https://access.redhat.com/errata/RHSA-2025:1085 https://access.redhat.com/errata/RHSA-2025:1086 https://access.redhat.com/errata/RHSA-2025:1087 https://access.redhat.com/errata/RHSA-2025:1088 https://access.redhat.com/errata/RHSA-2025:1089 https://access.redhat.com/errata/RHSA-2025:1090 https://access.redhat.com/errata/RHSA-2025:1091 https://access.redhat.com/errata/RHSA-2025:1092 https://access.redhat.com/errata/RHSA-2025:1093 https://access.redhat.com/errata/RHSA-2025:1094 https://access.redhat.com/errata/RHSA-2025:1095 https://access.redhat.com/errata/RHSA-2025:1096 https://access.redhat.com/errata/RHSA-2025:1097

Tue, 28 Jan 2025 20:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:7::fastdatapath~~

Thu, 23 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/01/22/11

Thu, 23 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
Title		Ovn: egress acls may be bypassed via specially crafted udp packet
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-284
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7::fastdatapath cpe:/o:redhat:enterprise_linux:8::fastdatapath cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-0650 https://bugzilla.redhat.com/show_bug.cgi?id=2339537 https://www.openwall.com/lists/oss-security/2025/01/22/5
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-23T16:34:31.390Z

Updated: 2025-03-19T10:58:47.225Z

Reserved: 2025-01-22T15:37:30.389Z

Link: CVE-2025-0650

Vulnrichment

Updated: 2025-01-23T18:03:31.666Z

NVD

Status : Awaiting Analysis

Published: 2025-01-23T17:15:22.163

Modified: 2025-02-06T09:15:11.697

Link: CVE-2025-0650

Redhat

Severity : Important

Publid Date: 2024-01-21T00:00:00Z

Links: CVE-2025-0650 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0650", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-01-22T15:37:30.389Z", "datePublished": "2025-01-23T16:34:31.390Z", "dateUpdated": "2025-03-19T10:58:47.225Z"}, "containers": {"cna": {"title": "Ovn: egress acls may be bypassed via specially crafted udp packet", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network."}], "affected": [{"versions": [{"status": "unaffected", "version": "22.03.8", "versionType": "semver"}, {"status": "unaffected", "version": "24.03.5", "versionType": "semver"}, {"status": "unaffected", "version": "24.09.2", "versionType": "semver"}], "packageName": "ovn", "collectionURL": "https://github.com/ovn-org/ovn", "defaultStatus": "unknown"}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.03", "defaultStatus": "affected", "versions": [{"version": "0:22.03.7-11.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "affected", "versions": [{"version": "0:22.06.0-273.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "affected", "versions": [{"version": "0:22.09.2-86.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "affected", "versions": [{"version": "0:22.12.1-107.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.03", "defaultStatus": "affected", "versions": [{"version": "0:23.03.3-22.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.06", "defaultStatus": "affected", "versions": [{"version": "0:23.06.4-26.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.03", "defaultStatus": "affected", "versions": [{"version": "0:22.03.7-11.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "affected", "versions": [{"version": "0:22.06.0-273.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "affected", "versions": [{"version": "0:22.09.2-86.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "affected", "versions": [{"version": "0:22.12.1-107.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.03", "defaultStatus": "affected", "versions": [{"version": "0:23.03.3-22.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.06", "defaultStatus": "affected", "versions": [{"version": "0:23.06.4-26.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.09", "defaultStatus": "affected", "versions": [{"version": "0:23.09.6-12.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn24.03", "defaultStatus": "affected", "versions": [{"version": "0:24.03.4-53.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn24.09", "defaultStatus": "affected", "versions": [{"version": "0:24.09.1-66.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.03", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.06", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.09", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn24.03", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn24.09", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:1083", "name": "RHSA-2025:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1084", "name": "RHSA-2025:1084", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1085", "name": "RHSA-2025:1085", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1086", "name": "RHSA-2025:1086", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1087", "name": "RHSA-2025:1087", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1088", "name": "RHSA-2025:1088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1089", "name": "RHSA-2025:1089", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1090", "name": "RHSA-2025:1090", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1091", "name": "RHSA-2025:1091", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1092", "name": "RHSA-2025:1092", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1093", "name": "RHSA-2025:1093", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1094", "name": "RHSA-2025:1094", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1095", "name": "RHSA-2025:1095", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1096", "name": "RHSA-2025:1096", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1097", "name": "RHSA-2025:1097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-0650", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537", "name": "RHBZ#2339537", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.openwall.com/lists/oss-security/2025/01/22/5"}], "datePublic": "2024-01-21T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-284: Improper Access Control", "workarounds": [{"lang": "en", "value": "Red Hat Product Security has not identified any mitigations at this time. We recommend updating to a known patched version of OVN."}], "timeline": [{"lang": "en", "time": "2025-01-22T15:45:40.119000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-21T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-19T10:58:47.225Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/01/22/11"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-23T18:03:31.666Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-23T17:00:24.397376Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:29.401Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/01/22/11"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-23T18:03:31.666Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-23T17:00:24.397376Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:35:41.025Z"}}], "cna": {"title": "Ovn: egress acls may be bypassed via specially crafted udp packet", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "unaffected", "version": "22.03.8", "versionType": "semver"}, {"status": "unaffected", "version": "24.03.5", "versionType": "semver"}, {"status": "unaffected", "version": "24.09.2", "versionType": "semver"}], "packageName": "ovn", "collectionURL": "https://github.com/ovn-org/ovn", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:22.03.7-11.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:22.06.0-273.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:22.09.2-86.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:22.12.1-107.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:23.03.3-22.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn23.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:23.06.4-26.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn23.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:22.03.7-11.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:22.06.0-273.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:22.09.2-86.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:22.12.1-107.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn22.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:23.03.3-22.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn23.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:23.06.4-26.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn23.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:23.09.6-12.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn23.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:24.03.4-53.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn24.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:24.09.1-66.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "ovn24.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn22.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn22.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn22.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn23.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn23.06", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn23.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn24.03", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ovn24.09", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-22T15:45:40.119000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-21T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-01-21T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:1083", "name": "RHSA-2025:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1084", "name": "RHSA-2025:1084", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1085", "name": "RHSA-2025:1085", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1086", "name": "RHSA-2025:1086", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1087", "name": "RHSA-2025:1087", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1088", "name": "RHSA-2025:1088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1089", "name": "RHSA-2025:1089", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1090", "name": "RHSA-2025:1090", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1091", "name": "RHSA-2025:1091", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1092", "name": "RHSA-2025:1092", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1093", "name": "RHSA-2025:1093", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1094", "name": "RHSA-2025:1094", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1095", "name": "RHSA-2025:1095", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1096", "name": "RHSA-2025:1096", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1097", "name": "RHSA-2025:1097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-0650", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537", "name": "RHBZ#2339537", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.openwall.com/lists/oss-security/2025/01/22/5"}], "workarounds": [{"lang": "en", "value": "Red Hat Product Security has not identified any mitigations at this time. We recommend updating to a known patched version of OVN."}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Control"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-19T10:58:47.225Z"}, "x_redhatCweChain": "CWE-284: Improper Access Control"}}, "cveMetadata": {"cveId": "CVE-2025-0650", "state": "PUBLISHED", "dateUpdated": "2025-03-19T10:58:47.225Z", "dateReserved": "2025-01-22T15:37:30.389Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-01-23T16:34:31.390Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Open Virtual Network (OVN). Los paquetes UDP manipulados en particular pueden eludir las listas de control de acceso (ACL) de salida en instalaciones OVN configuradas con un conmutador l\u00f3gico con registros DNS configurados en \u00e9l y si el mismo conmutador tiene alguna ACL de salida configurada. Este problema puede provocar acceso no autorizado a m\u00e1quinas virtuales y contenedores que se ejecutan en la red OVN."}], "id": "CVE-2025-0650", "lastModified": "2025-02-06T09:15:11.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-01-23T17:15:22.163", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1083"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1084"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1085"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1086"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1087"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1088"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1089"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1090"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1091"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1092"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1093"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1094"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1095"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1096"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1097"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-0650"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537"}, {"source": "secalert@redhat.com", "url": "https://www.openwall.com/lists/oss-security/2025/01/22/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/01/22/11"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1083", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn22.03-0:22.03.7-11.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1084", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn22.06-0:22.06.0-273.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1085", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn22.09-0:22.09.2-86.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1086", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn22.12-0:22.12.1-107.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1087", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn23.03-0:23.03.3-22.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1088", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "ovn23.06-0:23.06.4-26.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1089", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn22.03-0:22.03.7-11.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1090", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn22.06-0:22.06.0-273.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1091", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn22.09-0:22.09.2-86.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1092", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn22.12-0:22.12.1-107.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1093", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn23.03-0:23.03.3-22.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1094", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn23.06-0:23.06.4-26.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1095", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn23.09-0:23.09.6-12.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1096", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn24.03-0:24.03.4-53.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1097", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "ovn24.09-0:24.09.1-66.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}], "bugzilla": {"description": "ovn: egress ACLs may be bypassed via specially crafted UDP packet", "id": "2339537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.", "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network."], "mitigation": {"lang": "en:us", "value": "Red Hat Product Security has not identified any mitigations at this time. We recommend updating to a known patched version of OVN."}, "name": "CVE-2025-0650", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "ovn22.06", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "ovn22.09", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "ovn22.12", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "ovn23.03", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ovn23.06", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ovn23.09", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ovn24.03", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ovn24.09", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0650\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0650\nhttps://www.openwall.com/lists/oss-security/2025/01/22/5"], "statement": "Fixes for OpenShift Container Platform ovn component will be consumed from RHEL Fast Datapath.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object