A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift

No data.

Package CPE Advisory Released Date
Fast Datapath for Red Hat Enterprise Linux 8
ovn22.03-0:22.03.7-11.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1083 2025-02-05T00:00:00Z
ovn22.06-0:22.06.0-273.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1084 2025-02-05T00:00:00Z
ovn22.09-0:22.09.2-86.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1085 2025-02-05T00:00:00Z
ovn22.12-0:22.12.1-107.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1086 2025-02-05T00:00:00Z
ovn23.03-0:23.03.3-22.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1087 2025-02-05T00:00:00Z
ovn23.06-0:23.06.4-26.el8fdp cpe:/o:redhat:enterprise_linux:8::fastdatapath RHSA-2025:1088 2025-02-05T00:00:00Z
Fast Datapath for Red Hat Enterprise Linux 9
ovn22.03-0:22.03.7-11.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1089 2025-02-05T00:00:00Z
ovn22.06-0:22.06.0-273.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1090 2025-02-05T00:00:00Z
ovn22.09-0:22.09.2-86.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1091 2025-02-05T00:00:00Z
ovn22.12-0:22.12.1-107.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1092 2025-02-05T00:00:00Z
ovn23.03-0:23.03.3-22.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1093 2025-02-05T00:00:00Z
ovn23.06-0:23.06.4-26.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1094 2025-02-05T00:00:00Z
ovn23.09-0:23.09.6-12.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1095 2025-02-05T00:00:00Z
ovn24.03-0:24.03.4-53.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1096 2025-02-05T00:00:00Z
ovn24.09-0:24.09.1-66.el9fdp cpe:/o:redhat:enterprise_linux:9::fastdatapath RHSA-2025:1097 2025-02-05T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2025/01/22/11 cve-icon
https://access.redhat.com/errata/RHSA-2025:1083 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1084 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1085 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1086 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1087 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1088 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1089 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1090 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1091 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1092 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1093 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1094 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1095 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1096 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1097 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-0650 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2339537 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-0650 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-0650 cve-icon
https://www.openwall.com/lists/oss-security/2025/01/22/5 cve-icon cve-icon cve-icon
History

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 06 Feb 2025 09:15:00 +0000

Type Values Removed Values Added
References

Tue, 28 Jan 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:7::fastdatapath

Thu, 23 Jan 2025 18:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
Title Ovn: egress acls may be bypassed via specially crafted udp packet
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-284
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:7::fastdatapath
cpe:/o:redhat:enterprise_linux:8::fastdatapath
cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-23T16:34:31.390Z

Updated: 2025-02-26T06:53:05.605Z

Reserved: 2025-01-22T15:37:30.389Z

Link: CVE-2025-0650

cve-icon Vulnrichment

Updated: 2025-01-23T18:03:31.666Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-01-23T17:15:22.163

Modified: 2025-02-06T09:15:11.697

Link: CVE-2025-0650

cve-icon Redhat

Severity : Important

Publid Date: 2024-01-21T00:00:00Z

Links: CVE-2025-0650 - Bugzilla