#VU87165 Stack-based buffer overflow in Linux kernel - CVE-2024-1151


Vulnerability identifier: #VU87165

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1151

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.8, 6.8

External links
https://access.redhat.com/security/cve/CVE-2024-1151
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell SmartFabric Storage Software update for third-party components
Amazon Linux AMI update for kernel
Ubuntu update for linux-oem-6.5
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Multiple vulnerabilities in Dell Data Protection Central
Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
Red Hat Enterprise Linux 9 update for kernel-rt
Red Hat Enterprise Linux 9 update for kernel
Ubuntu update for linux-aws-6.5
Ubuntu update for linux-hwe-6.5