The vulnerability arises from the Open Virtual Network (OVN) component in Red Hat Fast Datapath for RHEL 10, where ICMP error response generation uses the IP header's declared total length to copy packet data without verifying it against the actual packet size. This can lead to heap memory over-read, potentially leaking memory contents in ICMP error messages sent back to the VM. The issue affects multiple architectures of RHEL 8 Fast Datapath and has been assigned CVE-2026-5265 with a CVSS 3.1 base score of 6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Red Hat has released security updates (RHSA-2026:11694 and RHSA-2026:11695) that fix this vulnerability in ovn-2021 and ovn23.06 packages. Detailed patch instructions are available in Red Hat's advisory and knowledge base articles.

The vulnerability allows a remote attacker with network access to send specially crafted packets that trigger ICMP error responses containing heap memory beyond the valid packet data. This results in partial information disclosure (confidentiality impact) and can cause denial of service (availability impact) due to heap over-read. There is no indication of integrity impact. The CVSS score reflects a medium severity with a requirement for high attack complexity and no privileges or user interaction needed.

Red Hat has released official security updates that address this vulnerability. Users should apply the provided patches for the ovn-2021 or ovn23.06 packages on Red Hat Enterprise Linux Fast Datapath 8 for their respective architectures (x86_64, ppc64le, s390x, aarch64). The vendor advisory explicitly states that these updates fix the heap over-read issue in ICMP error response generation. Refer to Red Hat's official advisory RHSA-2026:11694 and RHSA-2026:11695 and the knowledge base article https://access.redhat.com/articles/11258 for detailed update instructions. No additional mitigation steps are required beyond applying these official patches.