CVE-2025-0650

NameCVE-2025-0650
DescriptionA flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1093884

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ovn (PTS)bookworm23.03.1-1~deb12u2vulnerable
sid, trixie24.09.0-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ovnsource(unstable)(unfixed)1093884

Notes

https://www.openwall.com/lists/oss-security/2025/01/22/5
https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
Search for package or bug name: Reporting problems