CVE-2023-1668 Information

Description

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS installs the datapath flow without the action that modifies the IP header. For both the kernel and userspace datapaths, the result is a datapath flow that matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, possibly causing incorrect handling of other IP packets that have a nonzero IP protocol and match this datapath flow.

Reference

https://www.openwall.com/lists/oss-security/2023/04/06/1
https://bugzilla.redhat.com/show_bug.cgi?id=2137666
