CVE-2024-2182
Ovn: insufficient validation of bfd packets may lead to denial of service
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
ovnRed Hat · Fast Datapath for Red Hat Enterprise Linux 8Red Hat · Fast Datapath for Red Hat Enterprise Linux 9Red Hat · Fast Datapath for RHEL 7Red Hat · Fast Datapath for RHEL 8Red Hat · Fast Datapath for RHEL 9¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2024:1385https://access.redhat.com/errata/RHSA-2024:1386https://access.redhat.com/errata/RHSA-2024:1387https://access.redhat.com/errata/RHSA-2024:1388https://access.redhat.com/errata/RHSA-2024:1390https://access.redhat.com/errata/RHSA-2024:1391https://access.redhat.com/errata/RHSA-2024:1392https://access.redhat.com/errata/RHSA-2024:1393https://access.redhat.com/errata/RHSA-2024:1394https://access.redhat.com/errata/RHSA-2024:4035https://access.redhat.com/security/cve/CVE-2024-2182https://bugzilla.redhat.com/show_bug.cgi?id=2267840