CVE-2025-0650
Ovn: egress acls may be bypassed via specially crafted udp packet
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
ovnRed Hat · Fast Datapath for Red Hat Enterprise Linux 8Red Hat · Fast Datapath for Red Hat Enterprise Linux 9Red Hat · Red Hat OpenShift Container Platform 4¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2025:1083https://access.redhat.com/errata/RHSA-2025:1084https://access.redhat.com/errata/RHSA-2025:1085https://access.redhat.com/errata/RHSA-2025:1086https://access.redhat.com/errata/RHSA-2025:1087https://access.redhat.com/errata/RHSA-2025:1088https://access.redhat.com/errata/RHSA-2025:1089https://access.redhat.com/errata/RHSA-2025:1090https://access.redhat.com/errata/RHSA-2025:1091https://access.redhat.com/errata/RHSA-2025:1092https://access.redhat.com/errata/RHSA-2025:1093https://access.redhat.com/errata/RHSA-2025:1094