The Open Virtual Network (OVN) team has issued a security advisory covering two critical heap over-read vulnerabilities. These flaws, identified as CVE-2026-5265 and CVE-2026-5367, could allow malicious actors to siphon sensitive information from the memory of virtualized environments by sending specially crafted network packets.
CVE-2026-5265: The ICMP Response Leak
The first vulnerability involves how OVN generates ICMP error responses. When OVN handles tasks like PMTU discovery or rejected ACLs, the userspace pinctrl thread processes incoming data to create a reply.
The system copies data from an original packet based on its self-declared length without verifying the actual buffer size. As described in the advisory, “A VM can send a short packet with an inflated IP length field that triggers an ICMP error… causing ovn-controller to read heap memory beyond the valid packet data”. This adjacent heap information is then included in the ICMP response and delivered directly back to the attacker.
CVE-2026-5367: Vulnerable DHCPv6 Processing
The second flaw targets OVN’s DHCPv6 client ID processing. Similar to the ICMP issue, this vulnerability resides in the pinctrl thread when building DHCPv6 ADVERTISE replies.
The handler echoes the Client ID option using the length declared within the option itself, rather than validating it against the packet bounds. “A workload can send a crafted DHCPv6 SOLICIT with an inflated Client ID length field, causing ovn-controller to copy heap memory beyond the valid packet data into the reply,” the advisory explains. This leaked memory is sent back to the attacker’s virtual machine port, potentially exposing sensitive adjacent data.
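The bounds check this class of bug lacks, shown as an added example (not OVN's code or its patch): a minimal DHCPv6 option walker that refuses to echo a Client ID whose declared length exceeds the bytes actually received. The function name, buffers and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCPV6_HDR_LEN      4  /* msg-type (1 byte) + transaction-id (3 bytes) */
#define DHCPV6_OPT_CLIENTID 1  /* OPTION_CLIENTID, RFC 8415 */

/* Constructed samples: SOLICIT (type 1) carrying one Client ID option. */
static const uint8_t sample_ok[] = {
    0x01, 0xaa, 0xbb, 0xcc,  0x00, 0x01, 0x00, 0x04,  0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_inflated[] = {   /* declares 64 bytes, carries 4 */
    0x01, 0xaa, 0xbb, 0xcc,  0x00, 0x01, 0x00, 0x40,  0xde, 0xad, 0xbe, 0xef };
static uint8_t out_buf[128];

/* Hypothetical helper: copy the Client ID payload into out.
 * Returns the number of bytes copied, or -1 if the message is malformed. */
int copy_client_id(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < DHCPV6_HDR_LEN)
        return -1;
    size_t off = DHCPV6_HDR_LEN;
    while (msg_len - off >= 4) {              /* room for code + length */
        uint16_t code = (uint16_t)((msg[off] << 8) | msg[off + 1]);
        uint16_t len  = (uint16_t)((msg[off + 2] << 8) | msg[off + 3]);
        off += 4;
        /* Validate the self-declared length against the bytes actually
         * received before any copy; an inflated length is rejected here. */
        if (len > msg_len - off)
            return -1;
        if (code == DHCPV6_OPT_CLIENTID) {
            if (len > out_cap)                /* never overrun the reply buffer */
                return -1;
            memcpy(out, msg + off, len);
            return (int)len;
        }
        off += len;
    }
    return -1;                                /* no Client ID option found */
}

int main(void)
{
    printf("well-formed: %d\n", copy_client_id(sample_ok, sizeof sample_ok, out_buf, sizeof out_buf));
    printf("inflated:    %d\n", copy_client_id(sample_inflated, sizeof sample_inflated, out_buf, sizeof out_buf));
    return 0;
}
```

The same rule applies to the ICMP case: clamp or reject any copy whose length comes from a header field rather than from the size of the received buffer.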
Identification and Mitigation
| Feature | How to Check (Command Line) |
| Reject ACLs | |
| Gateway MTU | |
| DHCPv6 Options | |
While administrators can mitigate these risks by disabling the affected features (such as clearing dhcpv6_options), the OVN team notes a significant drawback: “We do not recommend mitigating the vulnerability this way because it will also affect legitimate traffic going through the cluster”.
The OVN team has released patches for version 24.03 and newer. To ensure the security of your virtual network infrastructure, users are strongly urged to upgrade to one of the following known patched versions: