CVE-2026-5265
Ovn: ovn: heap over-read in icmp error response generation - security issue
CVSS Score
6.5
EPSS Score
0.1%
EPSS Percentile
27th
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.
| CWE | CWE-130 |
| Vendor | red hat |
| Product | fast datapath for red hat enterprise linux 10 |
| Published | Apr 24, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat fast datapath for red hat enterprise linux 10
Be the first to know when new medium vulnerabilities affecting red hat fast datapath for red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Affected Versions
Red Hat / Fast Datapath for Red Hat Enterprise Linux 10
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 10
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 7
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 8
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected Red Hat / Fast Datapath for RHEL 9
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11694 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11695 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11696 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11698 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11700 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11701 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11702 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22110 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22111 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-5265 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2453458 openwall.com: http://www.openwall.com/lists/oss-security/2026/04/20/2 openwall.com: http://www.openwall.com/lists/oss-security/2026/04/20/4