CVE-2023-3966

Published: 22/02/2024 Updated: 23/03/2024

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

Debian Bug report logs - #1063492 openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Feb 2024 21:39:04 UTC Seve ...

Description =========== Multiple versions of Open vSwitch are vulnerable to crafted Geneve packets causing invalid memory accesses and potential denial of service Triggering the vulnerability requires that Open vSwitch has flow hardware offload with Linux TC flower enabled (other_config:hw-offload=true) It is not enabled by default The issue i ...

CWE-248 https://access.redhat.com/security/cve/CVE-2023-3966 https://bugzilla.redhat.com/show_bug.cgi?id=2178363 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3966

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect