CVE-2024-1151 — Stack-based Buffer Overflow in Kernel

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write26 documents9 sources

Severity

5.5MEDIUMNVD

OSV6.5

EPSS

0.0%

top 94.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedFeb 11

Latest updateAug 2

Description

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlinux/linux_kernel< 5.10.216-1+3

▶NVDlinux/linux_kernel6.7.8+1

Also affects: Debian Linux 10.0, Enterprise Linux 8.0, 9.0, Fedora 38, 39

Patches

Patch: lore.kernel.org ↗Patch: lore.kernel.org ↗

🔴Vulnerability Details

OSV

linux-oem-6.5 vulnerabilities↗2024-08-02

▶

OSV

linux-hwe-6.5 vulnerabilities↗2024-07-17

▶

OSV

linux-azure-6.5, linux-gcp-6.5 vulnerabilities↗2024-07-16

▶

OSV

linux, linux-gcp, linux-nvidia-6.5, linux-raspi vulnerabilities↗2024-07-12

▶

OSV

linux-intel-iotg vulnerabilities↗2024-05-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-08-02

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-19

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-17

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-16

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-12

▶

💬Community

Bugzilla

CVE-2024-1151 kernel: stack overflow problem in Open vSwitch kernel module leading to DoS↗2024-02-01

▶