Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Sep 19, 2024

Service monitor mac flow is not rate limited

CVE-2023-3153

Description

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

Affected products

Red Hat/Openshift Container Platformcpe-rescue
cpe:/a:redhat:openshift:4
Red Hat/Red Hat OpenStack Platform 13 (Queens)v5
cpe:/a:redhat:openstack:13
Red Hat/Fast Datapath for RHEL 7v5
cpe:/o:redhat:enterprise_linux:7::fastdatapath
Red Hat/Fast Datapath for RHEL 8v5
cpe:/o:redhat:enterprise_linux:8::fastdatapath
Red Hat/Fast Datapath for RHEL 9v5
cpe:/o:redhat:enterprise_linux:9::fastdatapath
osv-coords12 versions
pkg:rpm/opensuse/openvswitch3&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/openvswitch3&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/openvswitch&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/openvswitch&distro=openSUSE%20Tumbleweed pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/openvswitch3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
< 3.1.0-150500.3.6.2+ 11 more
- (no CPE)range: < 3.1.0-150500.3.6.2
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.7-150600.33.9.1
- (no CPE)range: < 3.1.0-15.1
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.0-150500.3.6.2
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.7-150500.3.25.1
- (no CPE)range: < 3.1.7-150600.33.9.1
- (no CPE)range: < 3.1.7-150600.33.9.1
Fedora/Fedorav5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2023-3153mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bdmitre
github.com/ovn-org/ovn/issues/198mitre
mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.htmlmitre
mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000