SB20240711145 - Denial of service in Linux kernel openvswitch
Published: July 11, 2024
Security Bulletin ID
SB20240711145
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-38558)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11
- https://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5
- https://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982
- https://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3
- https://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6
- https://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd
- https://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120
- https://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6
- https://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html