DEBIAN-CVE-2024-2182

DEBIAN-CVE-2024-2182 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	ovn	0, 0, 0
Debian:12	ovn	23.03.0-1, 23.03.0-3, 23.03.1-1~deb12u1
Debian:14	ovn	0, 0, 0

Timeline

Mar 12, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-2182 advisory

Open in Interactive Console →