CVE-2024-1151

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 4

Advisories 26

NVD Status Modified

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

Weaknesses

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2024-02-11 15:15:07
(7 months ago)
Updated Date: 2024-09-05 16:15:07
(11 days ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38
	Fedoraproject Fedora 39	cpe:2.3:o:fedoraproject:fedora:39
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0

Configuration #2

	CPE23	Up To
Linux Kernel 6.7.8 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 6.7.8
Linux Kernel 6.8	cpe:2.3:o:linux:linux_kernel:6.8:-
Linux Kernel 6.8 Rc1	cpe:2.3:o:linux:linux_kernel:6.8:rc1
Linux Kernel 6.8 Rc2	cpe:2.3:o:linux:linux_kernel:6.8:rc2
Linux Kernel 6.8 Rc3	cpe:2.3:o:linux:linux_kernel:6.8:rc3
Linux Kernel 6.8 Rc4	cpe:2.3:o:linux:linux_kernel:6.8:rc4

Weaknesses

Affected Products

Debian

Fedoraproject

Linux

Redhat

Configuration #1

Configuration #2