CVE-2021-38598 in OpenStack and Canonical Products
Published on August 23, 2021
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
Products Associated with CVE-2021-38598
OpenStack Neutron, Canonical Ubuntu Linux
Exploit Probability
EPSS: 0.04%
Percentile: 10.44%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.