First published: Tue Jan 23 2024
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <=6.7.1 | |
debian/linux | 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, 6.12.11-1 | |
CVE-2024-23849 is classified as a high-severity vulnerability due to its potential for out-of-bounds access in the Linux kernel.
To mitigate CVE-2024-23849, upgrade to a patched version of the Linux kernel, specifically versions newer than 6.7.1.
CVE-2024-23849 affects Linux kernel versions up to and including 6.7.1.
CVE-2024-23849 was reported by Sharath Srinivasan from Oracle.
CVE-2024-23849 involves an off-by-one error that leads to out-of-bounds access in the rds_recv_track_latency function.
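The off-by-one described above, as an added user-space model that is not the kernel's own code: the array length (4), the struct layouts and the `track_latency`/`stored_out_of_bounds` names are assumptions chosen to mirror the shape of the real check, and the `fixed` flag switches between the original `>` comparison and the corrected `>=`.

```c
/* Added example: a user-space model of the off-by-one check in
 * rds_recv_track_latency(); not the kernel's own code. The constant value
 * (4) and the struct layouts are assumptions mirroring the real shapes. */
#include <stdint.h>
#define RDS_MSG_RX_DGRAM_TRACE_MAX 4   /* assumed length: valid indices 0..3 */

struct rx_trace_so {                   /* model of the setsockopt payload */
    uint8_t rx_traces;                 /* how many positions follow */
    uint8_t rx_trace_pos[RDS_MSG_RX_DGRAM_TRACE_MAX];
};

struct sock_state {                    /* model of the per-socket trace state */
    uint8_t rs_rx_traces;
    uint8_t rs_rx_trace[RDS_MSG_RX_DGRAM_TRACE_MAX];
};

/* Validate and store. `fixed` selects the corrected comparison (>=); the
 * original used (>), which lets pos == RDS_MSG_RX_DGRAM_TRACE_MAX through
 * even though the last valid index is MAX - 1.
 * Returns 0 on success, -1 if the payload is rejected (kernel: -EFAULT). */
static int track_latency(struct sock_state *rs, const struct rx_trace_so *tr,
                         int fixed)
{
    if (tr->rx_traces > RDS_MSG_RX_DGRAM_TRACE_MAX)
        return -1;
    rs->rs_rx_traces = tr->rx_traces;
    for (int i = 0; i < tr->rx_traces; i++) {
        uint8_t pos = tr->rx_trace_pos[i];
        int bad = fixed ? (pos >= RDS_MSG_RX_DGRAM_TRACE_MAX)
                        : (pos >  RDS_MSG_RX_DGRAM_TRACE_MAX);
        if (bad) {
            rs->rs_rx_traces = 0;  /* reject the whole request, as the kernel does */
            return -1;
        }
        rs->rs_rx_trace[i] = pos;
    }
    return 0;
}

/* The stored positions are later used as indices into an array of
 * RDS_MSG_RX_DGRAM_TRACE_MAX entries; count how many would fall outside it.
 * A correct validator always leaves this at 0. */
static int stored_out_of_bounds(const struct sock_state *rs)
{
    int n = 0;
    for (int i = 0; i < rs->rs_rx_traces; i++)
        if (rs->rs_rx_trace[i] >= RDS_MSG_RX_DGRAM_TRACE_MAX)
            n++;
    return n;
}
```

With the original comparison a position equal to the array length is accepted and stored, so the later index use runs one element past the array; the corrected comparison rejects the same request.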