Vulnerabilities > CVE-2024-1151 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:4823
- https://access.redhat.com/errata/RHSA-2024:4823
- https://access.redhat.com/errata/RHSA-2024:4831
- https://access.redhat.com/errata/RHSA-2024:4831
- https://access.redhat.com/errata/RHSA-2024:9315
- https://access.redhat.com/security/cve/CVE-2024-1151
- https://access.redhat.com/security/cve/CVE-2024-1151
- https://bugzilla.redhat.com/show_bug.cgi?id=2262241
- https://bugzilla.redhat.com/show_bug.cgi?id=2262241
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/
- https://lore.kernel.org/all/[email protected]/
- https://lore.kernel.org/all/[email protected]/