[ovs-discuss] [ADVISORY] CVE-2023-3966: Open vSwitch: Invalid memory access in Geneve with HW offload.

2024-02-08 Thread Ilya Maximets via discuss
Description
===========

Multiple versions of Open vSwitch are vulnerable to crafted Geneve packets causing invalid memory accesses and potential denial of service. Triggering the vulnerability requires that Open vSwitch has flow hardware offload with Linux TC flower enabled (other_config:hw-offloa

[ovs-discuss] [ADVISORY] CVE-2023-5366: Open vSwitch: OpenFlow match on Neighbor Discovery Target may be ignored

2024-02-08 Thread Ilya Maximets via discuss
Description
===========

In multiple versions of Open vSwitch, if OpenFlow rules on a switch contain a match on a Target Address (nd_target) of Neighbor Discovery IPv6 packets (Neighbor Solicitation or Neighbor Advertisement) without also matching on ICMPv6 Code (icmp_code or icmpv6_code) field bei