CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*

History

21 Nov 2024, 08:49

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/ -
References () https://access.redhat.com/errata/RHSA-2024:4823 - Issue Tracking () https://access.redhat.com/errata/RHSA-2024:4823 - Issue Tracking
References () https://access.redhat.com/errata/RHSA-2024:4831 - Issue Tracking () https://access.redhat.com/errata/RHSA-2024:4831 - Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2024-1151 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2024-1151 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2262241 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2262241 - Issue Tracking, Third Party Advisory
References () https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/ - Patch () https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/ - Patch

12 Nov 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9315 -

05 Sep 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}

05 Sep 2024, 14:17

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:4823 - () https://access.redhat.com/errata/RHSA-2024:4823 - Issue Tracking
References () https://access.redhat.com/errata/RHSA-2024:4831 - () https://access.redhat.com/errata/RHSA-2024:4831 - Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2024-1151 - () https://access.redhat.com/security/cve/CVE-2024-1151 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2262241 - () https://bugzilla.redhat.com/show_bug.cgi?id=2262241 - Issue Tracking, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/ - Mailing List
References () https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/ - () https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/ - Patch
CWE CWE-787
First Time Redhat
Debian
Debian debian Linux
Fedoraproject fedora
Linux
Linux linux Kernel
Fedoraproject
Redhat enterprise Linux
CPE cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*

24 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4823 -
  • () https://access.redhat.com/errata/RHSA-2024:4831 -

25 Jun 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -

22 Feb 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ -

22 Feb 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/ -
Summary
  • (es) Se informó una vulnerabilidad en el subcomponente Open vSwitch del kernel de Linux. La falla ocurre cuando una operación recursiva de inserción de código llama recursivamente al bloque de código. El módulo OVS no valida la profundidad de la pila, lo que empuja demasiados fotogramas y provoca un desbordamiento de búfer en la región stack de la memoria. Como resultado, esto puede provocar un bloqueo u otros problemas relacionados.

11 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-11 15:15

Updated : 2024-11-21 08:49


NVD link : CVE-2024-1151

Mitre link : CVE-2024-1151

CVE.ORG link : CVE-2024-1151


JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel

fedoraproject

  • fedora

redhat

  • enterprise_linux
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write