CVE-2024-0607Improper Handling of Values in Kernel

CWE-229Improper Handling of ValuesCWE-787Out-of-bounds Write17 documents9 sources
Severity
6.6MEDIUMNVD
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedJan 18
Latest updateApr 17

Description

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 1.8 | Impact: 4.7

Affected Packages2 packages

NVDlinux/linux_kernel< 6.7+1
Debianlinux/linux_kernel< 5.10.216-1+3

Also affects: Enterprise Linux 8.0, 9.0, Fedora 39

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-6xx6-9hj3-4rv2: A flaw was found in the Netfilter subsystem in the Linux kernel2024-01-18
OSV
CVE-2024-0607: A flaw was found in the Netfilter subsystem in the Linux kernel2024-01-18
CVEList
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()2024-01-18

📋Vendor Advisories

12
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2024-04-17
Ubuntu
Linux kernel (IoT) vulnerabilities2024-04-16
Ubuntu
Linux kernel vulnerabilities2024-04-09
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-03-27
Ubuntu
Linux kernel (AWS) vulnerabilities2024-03-20

💬Community

1
Bugzilla
CVE-2024-0607 kernel: nf_tables: pointer math issue in nft_byteorder_eval()2024-01-16
CVE-2024-0607 — Improper Handling of Values in Kernel | cvebase