CVE-2024-1151 — MEDIUM (5.5)

Q: How severe is CVE-2024-1151?

CVE-2024-1151 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-1151?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Linux Linux Kernel.

Vulnerability Description

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	10.0
Fedoraproject	Fedora	38
Redhat	Enterprise Linux	8.0
Linux	Linux Kernel	<= 6.7.8

Related Weaknesses (CWE)

CWE-121 CWE-787

References

https://access.redhat.com/errata/RHSA-2024:4823Issue Tracking
https://access.redhat.com/errata/RHSA-2024:4831Issue Tracking
https://access.redhat.com/errata/RHSA-2024:9315
https://access.redhat.com/security/cve/CVE-2024-1151Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2262241Issue TrackingThird Party Advisory
https://lore.kernel.org/all/[email protected]/Patch
https://access.redhat.com/errata/RHSA-2024:4823Issue Tracking
https://access.redhat.com/errata/RHSA-2024:4831Issue Tracking
https://access.redhat.com/security/cve/CVE-2024-1151Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2262241Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]
https://lore.kernel.org/all/[email protected]/Patch

FAQ

What is CVE-2024-1151?

CVE-2024-1151 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does n...

How severe is CVE-2024-1151?

CVE-2024-1151 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-1151?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Linux Linux Kernel.