This related bug to this card has not been fixed yet as we found a broader exposure in CORENET-5630.

Impact statement for the OCPBUGS-37205 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

All 4.14 to 4.15 until we have a fixed 4.15

Which types of clusters?

Clusters that use OVN networking with IPsec enabled, where more than one MachineConfigPool (MCP) is configured for worker nodes and at least one of the MCP is paused. Default cluster configuration with a single MCP for master nodes and single for worker nodes is not affected.

What is the impact? Is it serious enough to warrant removing update recommendations?

Worker nodes in the paused MachineConfigPool lose SDN connectivity, which affects workloads.

How involved is remediation?

The paused MCP can be unpaused which resolves the issue

Is this a regression?

Yes.