Description
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
Published: 2026-06-04
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing upper‑bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads, leading to resource exhaustion and a denial of service. The vulnerability is a clear example of a resource exhaustion flaw where an unverified input value directly controls system resource allocation. The resulting denial of service can render the Open vSwitch instance unresponsive, affecting network traffic handling.

Affected Systems

The vulnerability affects Open vSwitch version 3.6.90. No other versions or vendor products are listed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity; the EPSS score is unavailable, but exploitation is feasible for an attacker who already holds OVSDB write permissions. Because any OVSDB writer can trigger the flaw without further preconditions, the risk is moderate to high in environments where this access is not tightly controlled. The issue is not listed in CISA’s KEV catalog, and no active public exploit is reported; however, the missing upper bound can cause a local or remote denial of service depending on how the OVSDB interface is exposed.

Generated by OpenCVE AI on June 4, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply an official security patch or upgrade Open vSwitch to a version where this bug is fixed.
  • Restrict OVSDB write permissions to a minimal set of trusted administrators to prevent malicious thread‑creation requests.
  • Enable monitoring of OVSDB logs for abnormal thread‑creation patterns and set alerts for sudden increases in related metrics.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000
  First Time appeared: Redhat; Redhat openvswitch
  Vendors & Products: Redhat; Redhat openvswitch

Thu, 04 Jun 2026 23:15:00 +0000
  Title: Open vSwitch Thread Allocation Exploit Causing Denial of Service

Thu, 04 Jun 2026 21:15:00 +0000
  Title: Open vSwitch Resource Exhaustion via Missing Thread Bound Check
  Weaknesses: CWE-399

Thu, 04 Jun 2026 19:45:00 +0000
  Title: Open vSwitch Resource Exhaustion via Missing Thread Bound Check
  Weaknesses: CWE-399

Thu, 04 Jun 2026 19:30:00 +0000
  Weaknesses: CWE-770
  Metrics:
    cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 18:30:00 +0000
  Description: A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
MITRE
  Status: PUBLISHED
  Assigner: mitre
  Published:
  Updated: 2026-06-04T18:43:31.463Z
  Reserved: 2026-04-06T00:00:00.000Z
  Link: CVE-2026-36499

Vulnrichment
  Updated: 2026-06-04T18:39:16.014Z

NVD
  Status: Received
  Published: 2026-06-04T19:16:28.563
  Modified: 2026-06-04T20:16:57.273
  Link: CVE-2026-36499

Redhat
  No data.

OpenCVE Enrichment
  Updated: 2026-06-05T10:10:59Z

Weaknesses