CVE-2024-23849

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 35

NVD Status Modified

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

Weaknesses

CWE-193: Off-by-one Error

CVE Status: PUBLISHED
NVD Status: Modified
CNA: MITRE
Published Date: 2024-01-23 09:15:36
(7 months ago)
Updated Date: 2024-06-27 13:15:55
(2 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Linux Kernel 6.7.1 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 6.7.1