Open vSwitch ICMP Error Response Heap Over-Read Vulnerability

Vulnerability

A heap over-read vulnerability has been identified in Open vSwitch (OVN) when generating ICMP Destination Unreachable or Packet Too Big responses. The ICMP error handler copies a portion of the original packet into the ICMP error body using the total length declared in the IP header, without validating that length against the actual packet buffer size. A virtual machine can therefore send a short packet with an inflated IP length and trigger an ICMP error response that includes memory contents from beyond the end of the packet data. The vulnerability affects Open vSwitch versions 2.11, 2.12, 2.13, 22.03, 22.06, and 22.09 on Red Hat Enterprise Linux 8.
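The missing check described above, as an added example that is not Open vSwitch or OVN code: the quoted length is clamped to the bytes actually present in the buffer before anything is copied. The function names, the IPv4-only scope, and the 548-byte quote cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV4_MIN_HDR 20   /* minimum IPv4 header length in bytes */

/* Hypothetical helper (not an Open vSwitch function): how many bytes of the
 * offending IPv4 packet may be quoted into an ICMP error body.
 * pkt/buf_len describe the bytes actually received; max_quote is the
 * caller's cap on the quoted portion. Returns 0 for a malformed packet. */
size_t icmp_quote_len(const uint8_t *pkt, size_t buf_len, size_t max_quote)
{
    if (pkt == NULL || buf_len < IPV4_MIN_HDR)
        return 0;                                  /* no complete header */
    if ((pkt[0] >> 4) != 4)
        return 0;                                  /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < IPV4_MIN_HDR || ihl > buf_len)
        return 0;                                  /* header overruns buffer */
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];  /* IP total length */
    if (declared < ihl)
        return 0;                                  /* inconsistent length */
    /* The declared length is sender-controlled: clamp it to the bytes
     * that are really in the buffer, then to the quote cap. */
    size_t n = declared < buf_len ? declared : buf_len;
    return n < max_quote ? n : max_quote;
}

/* Copy the quoted portion into out (capacity out_cap); returns bytes copied. */
size_t icmp_quote_copy(uint8_t *out, size_t out_cap,
                       const uint8_t *pkt, size_t buf_len, size_t max_quote)
{
    size_t n = icmp_quote_len(pkt, buf_len, max_quote);
    if (n > out_cap)
        n = out_cap;
    if (n > 0)
        memcpy(out, pkt, n);
    return n;
}

/* Constructed sample: 28 bytes received, header declares 1500. */
size_t demo_inflated(void)
{
    uint8_t pkt[28] = { 0x45, 0x00, 0x05, 0xdc };  /* ver/ihl, tos, len=1500 */
    uint8_t out[576];
    return icmp_quote_copy(out, sizeof out, pkt, sizeof pkt, 548);
}
```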

Impact

Exploitation of this vulnerability leads to a heap over-read, where the ICMP response includes data from memory beyond the valid packet information.

Added: Apr 24, 2026, 1:28 PM
Updated: Apr 24, 2026, 1:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 3.5
remediation: 0.0
relevance: 6.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.