UBUNTU-CVE-2025-0650

Source
https://ubuntu.com/security/CVE-2025-0650
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-0650.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-0650
Related
Published
2025-01-23T17:15:00Z
Modified
2025-01-31T16:33:12Z
Summary
[none]
Details

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and also has egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

OVN provides rudimentary DNS caching as an optional feature to speed up lookups of frequently used domains. When this feature is enabled, the OpenFlow rules that OVN installs in Open vSwitch make it possible for an attacker to craft a UDP packet that bypasses egress ACL rules. Egress ACL rules are those whose "direction" is set to "to-lport".

An OVN installation is vulnerable if a logical switch has DNS records set on it AND the same switch has any egress ACLs configured. A switch is considered to have egress ACLs configured if an egress ACL is set directly on it through the "acls" column of the logical switch, or if any of its logical switch ports belongs to a port group that has egress ACLs configured in its "acls" column.

A Python script (vuln_test.py) is attached to the original advisory and can be used to determine whether an installation is vulnerable. Run it where "ovn-nbctl" is installed and can reach the northbound database; it prints to the console whether the installation is vulnerable. The script itself is not reproduced in this record.
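The two conditions above map directly onto three northbound tables: Logical_Switch (columns "dns_records", "acls", "ports"), Port_Group ("ports", "acls") and ACL ("direction"). The following Python is an added illustration, not the vuln_test.py attached to the advisory: it reads the JSON that `ovn-nbctl --format=json list <table>` prints for those three tables and flags every switch that has DNS records and is covered by a "to-lport" ACL either directly or through a port group. The sample tables are constructed, with readable fake uuids in place of real UUID strings; the column names are the real northbound schema columns.

```python
"""Flag OVN logical switches exposed to the CVE-2025-0650 egress-ACL bypass.

Added example (not the advisory's vuln_test.py). Input is the JSON printed by
`ovn-nbctl --format=json list <table>` for Logical_Switch, Port_Group and ACL.
A switch is flagged when it has DNS records AND a "to-lport" ACL applies to it,
either directly (its acls column) or via a port group holding one of its ports.
"""
import json
import subprocess


def _atom(value):
    """Decode an OVSDB JSON value: ["uuid", x] -> x, ["set", [..]] -> list, ["map", [..]] -> dict."""
    if isinstance(value, list) and value:
        tag = value[0]
        if tag == "uuid":
            return value[1]
        if tag == "set":
            return [_atom(v) for v in value[1]]
        if tag == "map":
            return {_atom(k): _atom(v) for k, v in value[1]}
    return value  # plain scalar (string, int, bool)


def _as_list(value):
    """OVSDB emits a one-member set as a bare atom, so normalise to a list."""
    return value if isinstance(value, list) else [value]


def rows_by_uuid(table_json):
    """Turn `ovn-nbctl --format=json list <table>` output into {uuid: {column: value}}."""
    doc = json.loads(table_json) if isinstance(table_json, str) else table_json
    headings = doc["headings"]
    rows = {}
    for raw in doc["data"]:
        row = {h: _atom(v) for h, v in zip(headings, raw)}
        rows[row["_uuid"]] = row
    return rows


def fetch_table(table):
    """Raw JSON of a live northbound table; needs ovn-nbctl with access to the NB DB."""
    return subprocess.run(["ovn-nbctl", "--format=json", "list", table],
                          check=True, capture_output=True, text=True).stdout


def vulnerable_switches(ls_json, pg_json, acl_json):
    """Return the sorted names of logical switches that meet both advisory conditions."""
    switches = rows_by_uuid(ls_json)
    port_groups = rows_by_uuid(pg_json)
    acls = rows_by_uuid(acl_json)
    # Egress ACLs are exactly those whose direction is "to-lport".
    egress_acls = {u for u, a in acls.items() if a["direction"] == "to-lport"}
    # Ports that inherit an egress ACL through a port group.
    pg_covered_ports = set()
    for pg in port_groups.values():
        if set(_as_list(pg["acls"])) & egress_acls:
            pg_covered_ports.update(_as_list(pg["ports"]))
    flagged = []
    for sw in switches.values():
        if not _as_list(sw["dns_records"]):
            continue  # no DNS records: the bypassable DNS flows are not installed
        direct = bool(set(_as_list(sw["acls"])) & egress_acls)
        via_pg = any(p in pg_covered_ports for p in _as_list(sw["ports"]))
        if direct or via_pg:
            flagged.append(sw["name"])
    return sorted(flagged)


# Constructed sample tables with readable fake uuids (real ones are UUID strings).
SAMPLE_ACL = json.dumps({
    "headings": ["_uuid", "direction", "priority", "match", "action"],
    "data": [
        [["uuid", "acl-egress-drop"], "to-lport", 1000, "udp.dst == 53", "drop"],
        [["uuid", "acl-ingress-allow"], "from-lport", 1000, "ip4", "allow-related"],
        [["uuid", "acl-pg-egress"], "to-lport", 900, "ip4.src == 10.0.0.0/8", "drop"],
    ],
})
SAMPLE_PG = json.dumps({
    "headings": ["_uuid", "name", "ports", "acls"],
    "data": [[["uuid", "pg-web"], "web", ["set", [["uuid", "lsp-b1"], ["uuid", "lsp-b2"]]], ["uuid", "acl-pg-egress"]]],
})
SAMPLE_LS = json.dumps({
    "headings": ["_uuid", "name", "ports", "acls", "dns_records"],
    "data": [
        # DNS records + egress ACL on the switch itself -> vulnerable
        [["uuid", "ls-a"], "sw-direct", ["uuid", "lsp-a1"], ["uuid", "acl-egress-drop"], ["uuid", "dns-1"]],
        # DNS records + egress ACL only via port group "web" -> vulnerable
        [["uuid", "ls-b"], "sw-portgroup", ["set", [["uuid", "lsp-b1"], ["uuid", "lsp-b2"]]],
         ["uuid", "acl-ingress-allow"], ["uuid", "dns-1"]],
        # egress ACL but no DNS records -> not vulnerable
        [["uuid", "ls-c"], "sw-nodns", ["uuid", "lsp-c1"], ["uuid", "acl-egress-drop"], ["set", []]],
        # DNS records but no ACL anywhere -> not vulnerable
        [["uuid", "ls-d"], "sw-noacl", ["uuid", "lsp-d1"], ["set", []], ["uuid", "dns-1"]],
    ],
})

if __name__ == "__main__":
    # On a live NB DB, pass fetch_table("Logical_Switch"), fetch_table("Port_Group"), fetch_table("ACL").
    print(vulnerable_switches(SAMPLE_LS, SAMPLE_PG, SAMPLE_ACL))
```

Only switches with both a non-empty "dns_records" column and a "to-lport" ACL in scope are reported; a switch with egress ACLs but no DNS records, or DNS records but no ACLs, is not affected by this issue and is left out, matching the advisory's conditions. Note that a single-element set column arrives as a bare atom rather than a `["set", [...]]` wrapper, which is why the normalisation step is needed before any set arithmetic.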

References

Affected packages

Ubuntu:20.04:LTS / ovn

Package

Name
ovn
Purl
pkg:deb/ubuntu/ovn@20.03.2-0ubuntu0.20.04.5?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

2.*

2.12.90~git20200107.c80e014d4-0ubuntu1
2.12.90~git20200107.c80e014d4-0ubuntu2

20.*

20.03.0~git20200212.9a4e68ec8-0ubuntu1
20.03.0~git20200212.9a4e68ec8-0ubuntu3
20.03.0-0ubuntu1
20.03.1-0ubuntu1
20.03.1-0ubuntu1.1
20.03.1-0ubuntu1.2
20.03.2-0ubuntu0.20.04.1
20.03.2-0ubuntu0.20.04.2
20.03.2-0ubuntu0.20.04.3
20.03.2-0ubuntu0.20.04.4
20.03.2-0ubuntu0.20.04.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ovn

Package

Name
ovn
Purl
pkg:deb/ubuntu/ovn@22.03.3-0ubuntu0.22.04.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

21.*

21.09.0~git20210922.6549e5842-0ubuntu1
21.09.0~git20210922.6549e5842-0ubuntu2
21.09.0-0ubuntu2
21.12.0-0ubuntu1

22.*

22.03.0~git20220218.ed81be7-0ubuntu1
22.03.0-0ubuntu1
22.03.2-0ubuntu0.22.04.1
22.03.3-0ubuntu0.22.04.1
22.03.3-0ubuntu0.22.04.2
22.03.3-0ubuntu0.22.04.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ovn

Package

Name
ovn
Purl
pkg:deb/ubuntu/ovn@24.09.0-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

24.*

24.03.1-2ubuntu3
24.03.2-2
24.03.2-2maysync1
24.09.0~git20240815.0fbe412-0ubuntu0
24.09.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ovn

Package

Name
ovn
Purl
pkg:deb/ubuntu/ovn@24.03.2-0ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

23.*

23.09.0-1
23.09.0-2

24.*

24.03.0~git20240205.ebb7076-1
24.03.1-2ubuntu1
24.03.1-2ubuntu3
24.03.2-0ubuntu0.24.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}