Launchpad.net

CVE 2023-1668

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Related bugs and status

CVE-2023-1668 (Candidate) is related to these bugs:

Bug #2003060: [SRU] openvswitch 2.17.5 point release

Summary				In	Importance	Status
	2003060	[SRU] openvswitch 2.17.5 point release		openvswitch (Ubuntu)	Undecided	Invalid
	2003060	[SRU] openvswitch 2.17.5 point release		openvswitch (Ubuntu Jammy)	High	Fix Released

Bug #2018640: [Debian] CVE: CVE-2023-1668: openvswitch incorrect handling of other IP packets with a != 0

Summary				In	Importance	Status
	2018640	[Debian] CVE: CVE-2023-1668: openvswitch incorrect handling of other IP packets with a != 0		StarlingX	High	Fix Released

Bug #2025319: [SRU] openvswitch 3.1.2 point release

		In	Importance	Status
2025319	[SRU] openvswitch 3.1.2 point release	openvswitch (Ubuntu)	Undecided	Invalid
2025319	[SRU] openvswitch 3.1.2 point release	openvswitch (Ubuntu Lunar)	High	Fix Released
2025319	[SRU] openvswitch 3.1.2 point release	Ubuntu Cloud Archive	Undecided	Fix Committed
2025319	[SRU] openvswitch 3.1.2 point release	Ubuntu Cloud Archive antelope	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-1668

Related bugs and status

Related bugs

References