A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
History

Tue, 28 Jan 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:7::fastdatapath

Thu, 23 Jan 2025 18:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
Title Ovn: egress acls may be bypassed via specially crafted udp packet
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-284
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:7::fastdatapath
cpe:/o:redhat:enterprise_linux:8::fastdatapath
cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-23T16:34:31.390Z

Updated: 2025-01-28T22:30:00.839Z

Reserved: 2025-01-22T15:37:30.389Z

Link: CVE-2025-0650

Vulnrichment

No data.

NVD

Status: Received

Published: 2025-01-23T17:15:22.163

Modified: 2025-01-23T18:15:33.110

Link: CVE-2025-0650

Redhat

No data.