SB2024062170 - Out-of-bounds read in Linux kernel ipv4
Published: June 21, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062170
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-37356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6
- https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf
- https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31
- https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a
- https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be
- https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c
- https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd
- https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33