6.6
CVE-2024-0607
- EPSS 0.02%
- Veröffentlicht 18.01.2024 16:15:08
- Zuletzt bearbeitet 21.11.2024 08:46:59
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.7
Linux ≫ Linux Kernel Version6.7 Updaterc1
Fedoraproject ≫ Fedora Version39
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.043 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
| secalert@redhat.com | 6.6 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-229 Improper Handling of Values
The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.