Antonin Bas

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the openvswitch component in the Linux kernel, where the `OVS PACKET CMD EXECUTE` path has a vulnerability that can lead to incorrect packet matching and potentially executing wrong actions. This occurs when parsing ICMPv6 headers, specifically with the `ipv6.nd` field, which is a union that shares space between `nd` and `ct orig` and holds the original tuple conntrack metadata. The problem arises when the packet parsing code zeroes out fields in the key corresponding to Neighbor Discovery information, even if it's not an ND packet. This can result in all but the last 4 bytes of the destination address being wiped from the original conntrack tuple. The issue only affects the `OVS PACKET CMD EXECUTE` path and does not affect packets entering the OVS datapath from network interfaces. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.