Skip to main content

Open Virtual Network (OVN) EUVDEUVD-2026-25421

| CVE-2026-5367 HIGH
Improper Handling of Length Parameter Inconsistency (CWE-130)
8.6
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
SUSE
HIGH
qualitative
Red Hat
8.6 HIGH
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

7
Re-analysis Queued
Apr 29, 2026 - 13:23 vuln.today
cvss_changed
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Analysis Generated
Apr 24, 2026 - 15:15 vuln.today
CVSS changed
Apr 24, 2026 - 13:22 NVD
8.6 (HIGH)
EUVD ID Assigned
Apr 24, 2026 - 12:21 euvd
EUVD-2026-25421
Analysis Generated
Apr 24, 2026 - 12:21 vuln.today
CVE Published
Apr 24, 2026 - 12:21 nvd
HIGH 8.6

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Heap over-read in Open Virtual Network (OVN) DHCPv6 client ID processing allows remote unauthenticated attackers to extract sensitive memory contents across network boundaries. The vulnerability affects OVN's DHCPv6 implementation and carries a CVSS score of 8.6 with scope change, enabling cross-tenant information disclosure in multi-tenant virtualized environments. Public advisory released via oss-security mailing list on 2026-04-20, though no confirmed active exploitation or public POC identified at time of analysis.

Technical ContextAI

Open Virtual Network (OVN) is a software-defined networking (SDN) solution that provides virtual network abstraction for virtualization platforms like OpenStack and oVirt. The vulnerability resides in OVN's DHCPv6 server implementation, specifically the DHCPv6 Client Identifier (DUID) processing logic. CWE-130 indicates an improper length parameter inconsistency - the code likely reads beyond allocated buffer boundaries when parsing malformed DHCPv6 client identifiers. DHCPv6 Client IDs contain variable-length identifiers (DUID-LLT, DUID-EN, DUID-LL, DUID-UUID) defined in RFC 8415. The heap over-read occurs when OVN fails to validate client-controlled length fields before memory access, allowing attackers to craft DHCPv6 messages that trigger reads beyond the intended buffer, exposing adjacent heap memory. The CVSS scope change (S:C) indicates the vulnerability can affect resources beyond the vulnerable component's security scope - critical in multi-tenant virtualized networks where OVN manages network isolation between tenants.

Affected ProductsAI

Open Virtual Network (OVN) DHCPv6 server component is confirmed affected based on oss-security advisory EUVD-2026-25421. Red Hat Bugzilla 2455863 indicates Red Hat-packaged OVN distributions are impacted. Specific vulnerable version ranges not disclosed in available references, though the advisory timeline (April 2026) suggests recent OVN releases. OVN is commonly deployed as part of Red Hat OpenStack Platform, oVirt, and standalone SDN installations. Vendor-specific advisories from access.redhat.com/security/cve/CVE-2026-5367 should contain definitive affected version information and CPE identifiers once published.

RemediationAI

Monitor Red Hat security portal (https://access.redhat.com/security/cve/CVE-2026-5367) and upstream OVN project for patch announcements following the April 20, 2026 oss-security disclosure. Red Hat Bugzilla 2455863 (https://bugzilla.redhat.com/show_bug.cgi?id=2455863) tracks the vendor fix and should provide patched package versions when available. Until patches are released, organizations can implement network-layer compensating controls: restrict DHCPv6 client access to OVN DHCPv6 servers using ACLs or security groups, limiting exposure to trusted network segments only - this reduces attack surface but impacts legitimate DHCPv6 functionality. In multi-tenant environments, consider temporarily disabling DHCPv6 in favor of static IPv6 addressing or DHCPv4-only configurations if operationally feasible, though this requires coordinated reconfiguration of virtual machine networking. Deploy network monitoring to detect anomalous DHCPv6 traffic patterns (oversized client identifiers, unusual DUID formats) as a detection control, though sophisticated attackers may evade signature-based detection. These workarounds carry operational complexity and should be replaced with vendor patches as soon as available.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Server Applications 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-25421 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy