A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

An update of the openvswitch package has been released.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn-2021: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bf29e92de4 advisory.

    Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service     [fedora-all]

    ----

    Sync to upstream OVN branch-23.09. Below are the commits since

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7c11edcd20 advisory.

    Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service     [fedora-all]

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-082155d6b7 advisory.

    Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service     [fedora-all]

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1385 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn23.06: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1393 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn22.03: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1391 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn23.06: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1387 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn22.03: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1392 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn22.12: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1386 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn22.12: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1388 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn23.03: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1390 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn23.09: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1394 advisory.

    OVN, the Open Virtual Network, is a system to support virtual network     abstraction.  OVN complements the existing capabilities of OVS to add     native support for virtual network abstractions, such as virtual L2 and L3     overlays and security groups.

    Security fix(es):

    * ovn23.03: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6691-1 advisory.

    It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding Detection on logical ports. A     remote attacker could possibly use this issue to disrupt traffic.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203770	Photon OS 3.0: Openvswitch PHSA-2024-3.0-0738	Nessus	PhotonOS Local Security Checks	medium
200796	RHEL 8 : ovn-2021 (RHSA-2024:4035)	Nessus	Red Hat Local Security Checks	medium
195806	RHEL 9 : ovn (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	medium
195784	RHEL 7 : ovn (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	medium
195763	RHEL 8 : ovn (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	medium
194674	Fedora 40 : ovn (2024-bf29e92de4)	Nessus	Fedora Local Security Checks	medium
192460	Fedora 38 : ovn (2024-7c11edcd20)	Nessus	Fedora Local Security Checks	medium
192457	Fedora 39 : ovn (2024-082155d6b7)	Nessus	Fedora Local Security Checks	medium
192265	RHEL 8 : ovn23.06 (RHSA-2024:1385)	Nessus	Red Hat Local Security Checks	medium
192262	RHEL 9 : ovn22.03 (RHSA-2024:1393)	Nessus	Red Hat Local Security Checks	medium
192261	RHEL 9 : ovn23.06 (RHSA-2024:1391)	Nessus	Red Hat Local Security Checks	medium
192260	RHEL 8 : ovn22.03 (RHSA-2024:1387)	Nessus	Red Hat Local Security Checks	medium
192259	RHEL 9 : ovn22.12 (RHSA-2024:1392)	Nessus	Red Hat Local Security Checks	medium
192258	RHEL 8 : ovn22.12 (RHSA-2024:1386)	Nessus	Red Hat Local Security Checks	medium
192257	RHEL 8 : ovn23.03 (RHSA-2024:1388)	Nessus	Red Hat Local Security Checks	medium
192256	RHEL 9 : ovn23.09 (RHSA-2024:1390)	Nessus	Red Hat Local Security Checks	medium
192253	RHEL 9 : ovn23.03 (RHSA-2024:1394)	Nessus	Red Hat Local Security Checks	medium
191927	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OVN vulnerability (USN-6691-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2024-2182

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium