A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

The version of openvswitch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3966 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     May result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1f26ce7731 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0937-1 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0922-1 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0912-1 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a4530e9bfe advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5640 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

  - openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in     openvswitch-2.17.8/lib/util.c. (CVE-2024-22563)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6690-1 advisory.

    Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted     Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly     use this issue to cause Open vSwitch to crash, leading to a denial of service. (CVE-2023-3966)

    It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A     remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
    (CVE-2023-5366)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1234 advisory.

    Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote     per-flow control of traffic.

    Security Fix(es):

    * openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet (CVE-2023-3966)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1227 advisory.

    Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote     per-flow control of traffic.

    Security Fix(es):

    * openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet (CVE-2023-3966)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1235 advisory.

    Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote     per-flow control of traffic.

    Security Fix(es):

    * openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet (CVE-2023-3966)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0738-1 advisory.

  - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which     may result in a denial of service and invalid memory accesses. Triggering this issue requires that     hardware offloading via the netlink path is enabled. (CVE-2023-3966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
201592	CBL Mariner 2.0 Security Update: openvswitch (CVE-2023-3966)	Nessus	MarinerOS Local Security Checks	high
194715	Fedora 40 : openvswitch (2024-1f26ce7731)	Nessus	Fedora Local Security Checks	medium
192504	SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2024:0937-1)	Nessus	SuSE Local Security Checks	high
192498	SUSE SLES15 Security Update : openvswitch (SUSE-SU-2024:0922-1)	Nessus	SuSE Local Security Checks	high
192231	SUSE SLES15 Security Update : openvswitch (SUSE-SU-2024:0912-1)	Nessus	SuSE Local Security Checks	high
192171	Fedora 39 : openvswitch (2024-a4530e9bfe)	Nessus	Fedora Local Security Checks	medium
192117	Debian dsa-5640 : openvswitch-common - security update	Nessus	Debian Local Security Checks	medium
191928	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Open vSwitch vulnerabilities (USN-6690-1)	Nessus	Ubuntu Local Security Checks	medium
191724	RHEL 8 : openvswitch2.17 (RHSA-2024:1234)	Nessus	Red Hat Local Security Checks	medium
191723	RHEL 9 : openvswitch3.1 (RHSA-2024:1227)	Nessus	Red Hat Local Security Checks	medium
191722	RHEL 8 : openvswitch3.1 (RHSA-2024:1235)	Nessus	Red Hat Local Security Checks	medium
191475	SUSE SLES15 / openSUSE 15 Security Update : openvswitch3 (SUSE-SU-2024:0738-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-3966

high

Tenable Plugins

high

medium

high

high

high

medium

medium

medium

medium

medium

medium

high