SB2024062465 - Buffer overflow in Linux kernel
Published: June 24, 2024 Updated: May 13, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-35884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c and within the __udp_is_mcast_sock() function in net/ipv4/udp.c.
Remediation
Install the update from the vendor's website.
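To check whether a host still needs the update, the following added example (not part of the original bulletin) compares a kernel release string against the stable releases named in the ChangeLog links under References. It assumes each listed ChangeLog is the release that carries the fix for its branch and that the host runs an unmodified kernel.org stable kernel; distribution kernels that backport fixes under their own version numbers must be checked against the vendor's advisory instead.

```python
import platform
import re

# Stable releases taken from the ChangeLog links in the References section.
# Assumption: each listed ChangeLog is the release that carries the fix
# for its stable branch (branch -> first fixed patch level).
FIXED = {(5, 10): 215, (5, 15): 154, (6, 1): 85, (6, 6): 26, (6, 8): 5}


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rt" or "-arch1" are ignored; a missing patch
    level (e.g. "6.1") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def classify(release):
    """Return 'fixed', 'update' or 'unlisted' for a kernel release string.

    'unlisted' means the bulletin names no ChangeLog for that branch, so
    nothing can be concluded from the version number alone.
    """
    major, minor, patch = parse_release(release)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "fixed" if patch >= fixed_patch else "update"


if __name__ == "__main__":
    rel = platform.release()  # same value as `uname -r` on Linux
    print(f"{rel}: {classify(rel)}")
```

A result of `update` on a distribution kernel (for example a release string with patch level 0 and a vendor build suffix) reflects only the version number, not whether the vendor has backported the fix.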
References
- https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8
- https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670
- https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd
- https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19
- https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4
- https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5