CVE-2024-23849

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23849
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1219127
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/
https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/ Mailing List Vendor Advisory
https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

25 Mar 2024, 01:15

Type Values Removed Values Added
References
  • () https://bugzilla.suse.com/show_bug.cgi?id=1219127 -
  • () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52 -

06 Feb 2024, 05:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/ -

06 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ -

30 Jan 2024, 00:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-193
First Time Linux linux Kernel
Linux
References () https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/ - () https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/ - Mailing List, Vendor Advisory
References () https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com - () https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com - Mailing List, Vendor Advisory

23 Jan 2024, 13:43

Type Values Removed Values Added
Summary
  • (es) En rds_recv_track_latency en net/rds/af_rds.c en el kernel de Linux hasta 6.7.1, hay un error uno por uno para una comparación RDS_MSG_RX_DGRAM_TRACE_MAX, lo que resulta en un acceso fuera de los límites.

23 Jan 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-23 09:15

Updated : 2024-03-25 01:15

NVD link : CVE-2024-23849

Mitre link : CVE-2024-23849

CVE.ORG link : CVE-2024-23849

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-193

Off-by-one Error