« List of all CVEs

CVE-2024-0607

Kernel: nf_tables: pointer math issue in nft_byteorder_eval()

Published: 1/18/2024 Last updated: 11/20/2025 Reserved: 1/16/2024

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 6.6 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (15)

Product Vendor Version
Red Hat Enterprise Linux 8 Red Hat < cc82c6dff548f0066a51a6e577c7454e7d26a968
Red Hat Enterprise Linux 7 Red Hat < 4191ea1f0bb3e27d65c5dcde7bd00e709ec67141
2.6.19
Red Hat Enterprise Linux 6 Red Hat < 2.6.19
Red Hat Enterprise Linux 7 Red Hat <= 4.14.*
Red Hat Enterprise Linux 8 Red Hat <= 5.4.*
Red Hat Enterprise Linux 9 Red Hat <= 5.15.*
Red Hat Enterprise Linux 9 Red Hat 5.8
Red Hat Enterprise Linux 6 Red Hat < 3fc11ff13fbc2749871d6ac2141685cf54699997
Red Hat Enterprise Linux 8 Red Hat < ab529e6ca1f67bcf31f3ea80c72bffde2e9e053e
Red Hat Enterprise Linux 7 Red Hat <= 4.19.*
Red Hat Enterprise Linux 9 Red Hat < 5.8
Red Hat Enterprise Linux 9 Red Hat <= 6.1.*
Red Hat Enterprise Linux 8 Red Hat <= 5.10.*
Red Hat Enterprise Linux 7 Red Hat < 4735f5991f51468b85affb8366b7067248457a71

References (16)