CVE-2023-3966

Publication date 8 February 2024

Last updated 24 July 2024


Ubuntu priority

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.


Mitigation

If flow hardware offload is enabled, disable it via the following setting and reboot: other_config:hw-offload=false

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| openvswitch | 24.04 LTS noble | Fixed 3.3.0~git20240118.e802fe7-3ubuntu1 |
| | 23.10 mantic | Fixed 3.2.2-0ubuntu0.23.10.1 |
| | 22.04 LTS jammy | Fixed 2.17.9-0ubuntu0.22.04.1 |
| | 20.04 LTS focal | Fixed 2.13.8-0ubuntu1.4 |
| | 18.04 LTS bionic | Not affected |
| | 16.04 LTS xenial | Not affected |
| | 14.04 LTS trusty | Ignored, end of standard support |
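
The mitigation setting and the fixed versions above, combined into a host check. This is an added example, not code from Ubuntu or the Open vSwitch project; the verdict labels, the `--run` flag and the choice of `openvswitch-switch` as the installed binary package are assumptions.

```shell
#!/bin/sh
# Added example: classify a host against the CVE-2023-3966 conditions on this page.

# Fixed openvswitch versions per release, copied from the Status table.
fixed_version() {
    case "$1" in
        noble)  echo "3.3.0~git20240118.e802fe7-3ubuntu1" ;;
        mantic) echo "3.2.2-0ubuntu0.23.10.1" ;;
        jammy)  echo "2.17.9-0ubuntu0.22.04.1" ;;
        focal)  echo "2.13.8-0ubuntu1.4" ;;
        *)      return 1 ;;  # no fixed version listed for this release
    esac
}

# Map the raw output of
#   ovs-vsctl --if-exists get Open_vSwitch . other_config:hw-offload
# (a quoted string, or empty when the key is unset) to enabled/disabled.
# Case is folded so that any spelling of "true" counts as enabled.
offload_state() {
    v=$(printf '%s' "$1" | tr -d '"[:space:]' | tr 'A-Z' 'a-z')
    if [ "$v" = "true" ]; then echo enabled; else echo disabled; fi
}

# verdict RELEASE INSTALLED_VERSION RAW_OFFLOAD_VALUE (labels are hypothetical)
verdict() {
    case "$1" in bionic|xenial) echo "not-affected"; return 0 ;; esac
    fixed=$(fixed_version "$1") || { echo "release-not-listed"; return 0; }
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    elif [ "$(offload_state "$3")" = enabled ]; then
        echo "exposed"      # unpatched and hardware offload is on
    else
        echo "unpatched-offload-disabled"
    fi
}

# Audit the local host only when invoked with the hypothetical --run flag.
if [ "${1:-}" = "--run" ]; then
    . /etc/os-release
    # Assumption: openvswitch-switch is the installed binary package.
    installed=$(dpkg-query -W -f='${Version}' openvswitch-switch 2>/dev/null) ||
        { echo "not-installed"; exit 0; }
    raw=$(ovs-vsctl --if-exists get Open_vSwitch . other_config:hw-offload)
    verdict "$VERSION_CODENAME" "$installed" "$raw"
    # Page mitigation for an "exposed" host, followed by a reboot:
    #   ovs-vsctl set Open_vSwitch . other_config:hw-offload=false
fi
```

A host reported as `unpatched-offload-disabled` still needs the package update; the setting only removes the trigger condition described above.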

Notes


amurray

According to the upstream advisory, this only affects version 2.12 and newer, but the mentioned commit which introduced this bug (https://github.com/openvswitch/ovs/commit/a468645c6d33) was shipped in 2.11.0 as well, so assuming this is also affected.

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
openvswitch