This security update addresses two vulnerabilities in OVN 25.03: a heap over-read during ICMP error response generation (CVE-2026-5265, CVSS 6.5 MEDIUM) and an information disclosure via crafted DHCPv6 packets (CVE-2026-5367, CVSS 8.6 HIGH). The affected package is ovn25.03 for Red Hat Enterprise Linux Fast Datapath 10, and the fix is provided in version ovn25.03-25.03.2-100.el10fdp.
Red Hat Product Errata RHSA-2026:22110 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22110 - Security Advisory Overview Updated Packages Synopsis Important: ovn25.03 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for ovn25.03 is now available for Fast Datapath for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Fast Datapath 10 x86_64 Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 10 ppc64le Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 10 s390x Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 10 aarch64 Fixes BZ - 2453458 - CVE-2026-5265 ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue BZ - 2455863 - CVE-2026-5367 ovn: OVN: Information disclosure via crafted DHCPv6 packets FDP-3263 - CLONE [ovn25.03 fast-datapath-rhel-10] - Upstream: error log in ovn-northd.log when set port security for vrrp FDP-3488 - CLONE [ovn25.03 fast-datapath-rhel-10] - Upstream: Add dash version suffix to the internal version string FDP-3500 - CLONE [ovn25.03 fast-datapath-rhel-10] - Upstream: Add dash version suffix to the internal version string FDP-3541 - CLONE [ovn25.03 fast-datapath-rhel-10] - Upstream: [BGP][EVPN] Learned routes with indirect nexthop are ignored by ovn-northd FDP-3697 - OVN 25.03 FDP-OVN-26.n4 RHEL 10 Release CVEs CVE-2026-5265 CVE-2026-5367 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Fast Datapath 10 SRPM ovn25.03-25.03.2-100.el10fdp.src.rpm SHA-256: b18e873360cd8144c0dda77fe7fe3ae0a786c15009be4fe201d57307fe588efc x86_64 ovn25.03-25.03.2-100.el10fdp.x86_64.rpm SHA-256: 14809e9033e1b552e1e24048c8bd9bcdead70f00f461065e5fe0155100c252de ovn25.03-central-25.03.2-100.el10fdp.x86_64.rpm SHA-256: 0f125f75549ee81d6f6ea5d2be04a4b653398e1530b0b2649f7218e67a52c97c ovn25.03-host-25.03.2-100.el10fdp.x86_64.rpm SHA-256: 3b8f980fff187a61908ce1db74b61351a62d83c04fc662fb506f670922159582 ovn25.03-vtep-25.03.2-100.el10fdp.x86_64.rpm SHA-256: 47907c55ad6909262fc23f5a71451a0ba5d07436d79176f22a3f6c3dea20f23b Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 10 SRPM ovn25.03-25.03.2-100.el10fdp.src.rpm SHA-256: b18e873360cd8144c0dda77fe7fe3ae0a786c15009be4fe201d57307fe588efc ppc64le ovn25.03-25.03.2-100.el10fdp.ppc64le.rpm SHA-256: 14b31f2ead5210a4612fcc363fe20fe6e25a78faf65f1ef1b354a26e8f950502 ovn25.03-central-25.03.2-100.el10fdp.ppc64le.rpm SHA-256: f39ea10f2b22c2e8093fcfea73fcd4d3e641572b876dd783c3a3149caffd4f66 ovn25.03-host-25.03.2-100.el10fdp.ppc64le.rpm SHA-256: 156e86dd3a521cdc0256cce5fb7cd8094cc21da22c5d62d8fe2ecbcff344a8b2 ovn25.03-vtep-25.03.2-100.el10fdp.ppc64le.rpm SHA-256: 30ad9c83f9515255bfd665ac9cb13cdfaf590fa24d340bb1237e1628b393d133 Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 10 SRPM ovn25.03-25.03.2-100.el10fdp.src.rpm SHA-256: b18e873360cd8144c0dda77fe7fe3ae0a786c15009be4fe201d57307fe588efc s390x ovn25.03-25.03.2-100.el10fdp.s390x.rpm SHA-256: b6a0c2c32e1f0f6298ccf389b6814dae30cd04a2d6363c0f6a0c242cd8a8c74b ovn25.03-central-25.03.2-100.el10fdp.s390x.rpm SHA-256: 755ae8a3ffadef22a12d2a7bcb7faff7727bc1ac7f45163ec876b05f72702c72 ovn25.03-host-25.03.2-100.el10fdp.s390x.rpm SHA-256: d16fb3938bfcc9bfd7e789dc12fb288651e8d7b72883154f8758c04ac37879b1 ovn25.03-vtep-25.03.2-100.el10fdp.s390x.rpm SHA-256: 38b2b30d8ddf627b6749649a2cf59ce0ab0c7cc4c686462a58eceebb752db7f7 Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 10 SRPM ovn25.03-25.03.2-100.el10fdp.src.rpm SHA-256: b18e873360cd8144c0dda77fe7fe3ae0a786c15009be4fe201d57307fe588efc aarch64 ovn25.03-25.03.2-100.el10fdp.aarch64.rpm SHA-256: c030cbdd58254c46e529fd6520504eda44a0d1456b4d12ebeb910dd6930df361 ovn25.03-central-25.03.2-100.el10fdp.aarch64.rpm SHA-256: d9d824eba5077927587d22de4b86f63453fc91cc04d0240b25dc78fc69982d23 ovn25.03-host-25.03.2-100.el10fdp.aarch64.rpm SHA-256: 65764cea6852410078d3f7dc3003ce8c138a90f482e57442d321176142dc2532 ovn25.03-vtep-25.03.2-100.el10fdp.aarch64.rpm SHA-256: e8af106dfa61ed33f559545028f80de9c30d95beb1c16677b5a7a62c9c63d175 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .