CVE-2024-0607

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0607
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0607.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-0607
Downstream
Related
Published
2024-01-18T16:15:08Z
Modified
2025-08-09T20:01:26Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nftbyteordereval() function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

References

Affected packages