5.5
CVE-2024-1151
- EPSS 0.27%
- Veröffentlicht 11.02.2024 15:15:07
- Zuletzt bearbeitet 21.11.2024 08:49:54
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kernel: stack overflow problem in open vswitch kernel module leading to dos
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Linux ≫ Linux Kernel Version <= 6.7.8
Linux ≫ Linux Kernel Version6.8 Update-
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.183 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831
https://access.redhat.com/errata/RHSA-2024:9315
https://access.redhat.com/security/cve/CVE-2024-1151
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/