I marked bug 1841622 as duplicate of this one.
Regarding Your question about potential vulnerability, I don't think there is any here. This bug is about broadcasting packets to other ports from the same tenant network. Other networks are always using another vlan tag locally in br-int so there is no way that such packets can be seen on interfaces which belongs to other networks.
Hi Jeremy,
I marked bug 1841622 as duplicate of this one.
Regarding Your question about potential vulnerability, I don't think there is any here. This bug is about broadcasting packets to other ports from the same tenant network. Other networks are always using another vlan tag locally in br-int so there is no way that such packets can be seen on interfaces which belongs to other networks.