A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2024-0607 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2258635 | Issue Tracking Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 | Patch |
https://access.redhat.com/security/cve/CVE-2024-0607 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2258635 | Issue Tracking Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 | Patch |
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html | |
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://access.redhat.com/security/cve/CVE-2024-0607 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2258635 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 - Patch |
27 Sep 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jun 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2024, 19:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2024-0607 - Third Party Advisory | |
References | () https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 - Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2258635 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
21 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 16:15
Updated : 2024-11-21 08:46
NVD link : CVE-2024-0607
Mitre link : CVE-2024-0607
CVE.ORG link : CVE-2024-0607
JSON object : View
Products Affected
linux
- linux_kernel
redhat
- enterprise_linux
fedoraproject
- fedora
CWE