{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5366", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-03T19:14:58.793Z", "datePublished": "2023-10-06T17:43:34.376Z", "dateUpdated": "2025-02-13T17:20:09.786Z"}, "containers": {"cna": {"title": "Openvswitch don't match packets on nd_target field", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."}], "affected": [{"product": "openvswitch", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.10", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.11", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.12", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.13", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.15", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.11", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.12", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.13", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.15", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.16", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.0", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch-ovn-kubernetes", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:3.11"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.15", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.16", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.0", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-openvswitch", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openstack:16.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-openvswitch", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.11", "defaultStatus": "affected", "cpes": ["cpe:/:redhat:enterprise_linux:::hypervisor"]}, {"vendor": "Red Hat", "product": "Red Hat Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-virtualization-host", "defaultStatus": "affected", "cpes": ["cpe:/:redhat:enterprise_linux:::hypervisor"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "openvswitch", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-5366", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347", "name": "RHBZ#2006347", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"}], "datePublic": "2023-09-26T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity", "timeline": [{"lang": "en", "time": "2021-09-21T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-26T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-03-23T02:06:38.589Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.267Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-5366", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347", "name": "RHBZ#2006347", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "29766552-B5EB-4F13-8317-92D8F385DF19", "versionEndExcluding": "2023-02-28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre m\u00e1quinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atacante local cree paquetes especialmente manipulados con un campo de direcci\u00f3n IP de destino modificado o falsificado que puede redirigir el tr\u00e1fico ICMPv6 a direcciones IP arbitrarias."}], "id": "CVE-2023-5366", "lastModified": "2024-11-21T08:41:37.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-06T18:15:12.520", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5366"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:1234", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.17-0:2.17.0-148.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHSA-2024:1235", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch3.1-0:3.1.0-96.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHBA-2024:1226", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch2.17-0:2.17.0-131.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHBA-2024:1228", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.2-0:3.2.0-56.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHSA-2024:1227", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.1-0:3.1.0-88.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2024-03-07T00:00:00Z"}], "bugzilla": {"description": "openvswitch: openvswitch don't match packets on nd_target field", "id": "2006347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-345", "details": ["A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.", "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."], "name": "CVE-2023-5366", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Affected", "package_name": "openvswitch", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.10", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.15", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Affected", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Affected", "package_name": "openvswitch2.15", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.16", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch3.0", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openvswitch", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openvswitch-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "rhosp-openvswitch", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-openvswitch", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "openvswitch2.11", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2023-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5366\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5366\nhttps://mail.openvswitch.org/pipermail/ovs-announce/2024-February/000342.html"], "statement": "Red Hat Enterprise Linux 7 provides the `openvswitch` package only through the unsupported Optional repository. Customers are advised to install Open vSwitch (OVS) from RHEL Fast Datapath instead.\nRed Hat OpenStack Platform 13/16 deployments are not affected because they use openvswitch directly from the Fast Datapath channel. A rhosp-openvswitch update will therefore not be provided at this time. Any updates will be distributed through that channel.", "threat_severity": "Moderate"}