CVE-2024-2182
Ovn: insufficient validation of bfd packets may lead to denial of service
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
| CWE | CWE-346 |
| Published | Mar 12, 2024 |
| Last Updated | Nov 8, 2025 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1385 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1386 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1387 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1388 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1390 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1391 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1392 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1393 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1394 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4035 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-2182 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2267840 mail.openvswitch.org: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html openwall.com: https://www.openwall.com/lists/oss-security/2024/03/12/5 openwall.com: http://www.openwall.com/lists/oss-security/2024/03/12/5 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
Credits
Red Hat would like to thank Frode Nordahl (Canonical) for reporting this issue.