CVE-2024-0607 — MEDIUM (6.6)

Q: How severe is CVE-2024-0607?

CVE-2024-0607 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-0607?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux.

Vulnerability Description

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 6.7
Fedoraproject	Fedora	39
Redhat	Enterprise Linux	8.0

Related Weaknesses (CWE)

CWE-229

References

https://access.redhat.com/security/cve/CVE-2024-0607Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258635Issue TrackingPatchThird Party Advisory
https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb6Patch
https://access.redhat.com/security/cve/CVE-2024-0607Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258635Issue TrackingPatchThird Party Advisory
https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb6Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

FAQ

What is CVE-2024-0607?

CVE-2024-0607 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iterat...

How severe is CVE-2024-0607?

CVE-2024-0607 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0607?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux.