CVE-2024-1151 - Vulnerability Details

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.8:-::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.75.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4823	2024-07-24T00:00:00Z
kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4831	2024-07-24T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/errata/RHSA-2024:4831
https://access.redhat.com/errata/RHSA-2024:9315
https://access.redhat.com/security/cve/CVE-2024-1151
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/
https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/
https://nvd.nist.gov/vuln/detail/CVE-2024-1151
https://www.cve.org/CVERecord?id=CVE-2024-1151

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/

Wed, 13 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Tue, 12 Nov 2024 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2024:9315

Thu, 05 Sep 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Fedoraproject Fedoraproject fedora Linux Linux linux Kernel
Weaknesses		CWE-787
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.8:-:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Debian Debian debian Linux Fedoraproject Fedoraproject fedora Linux Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-11T14:29:48.797Z

Updated: 2025-07-30T14:08:47.178Z

Reserved: 2024-02-01T11:25:18.149Z

Link: CVE-2024-1151

Vulnrichment

Updated: 2024-08-01T18:26:30.497Z

NVD

Status : Modified

Published: 2024-02-11T15:15:07.890

Modified: 2024-11-21T08:49:54.940

Link: CVE-2024-1151

Redhat

Severity : Moderate

Publid Date: 2024-02-07T00:00:00Z

Links: CVE-2024-1151 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-1151", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-02-01T11:25:18.149Z", "datePublished": "2024-02-11T14:29:48.797Z", "dateUpdated": "2025-07-30T14:08:47.178Z"}, "containers": {"cna": {"title": "Kernel: stack overflow problem in open vswitch kernel module leading to dos", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-503.11.1.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-503.11.1.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.75.1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "versions": [{"version": "0:5.14.0-284.75.1.rt14.360.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4823", "name": "RHSA-2024:4823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4831", "name": "RHSA-2024:4831", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9315", "name": "RHSA-2024:9315", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1151", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241", "name": "RHBZ#2262241", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"}], "datePublic": "2024-02-07T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow", "workarounds": [{"lang": "en", "value": "To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}], "timeline": [{"lang": "en", "time": "2024-02-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Aaron Conole (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-30T14:08:47.178Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T14:32:05.476230Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:42.253Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.497Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4823", "name": "RHSA-2024:4823", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4831", "name": "RHSA-2024:4831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1151", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241", "name": "RHBZ#2262241", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4823", "name": "RHSA-2024:4823", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4831", "name": "RHSA-2024:4831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1151", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241", "name": "RHBZ#2262241", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.497Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T14:32:05.476230Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.702Z"}}], "cna": {"title": "Kernel: stack overflow problem in open vswitch kernel module leading to dos", "credits": [{"lang": "en", "value": "This issue was discovered by Aaron Conole (Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:5.14.0-503.11.1.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:5.14.0-503.11.1.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:5.14.0-284.75.1.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:5.14.0-284.75.1.rt14.360.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "kernel-rt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "kernel-rt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "kernel", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "kernel-rt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "kernel-rt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-07T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4823", "name": "RHSA-2024:4823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4831", "name": "RHSA-2024:4831", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9315", "name": "RHSA-2024:9315", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1151", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241", "name": "RHBZ#2262241", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"}], "workarounds": [{"lang": "en", "value": "To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-30T14:08:47.178Z"}, "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2024-1151", "state": "PUBLISHED", "dateUpdated": "2025-07-30T14:08:47.178Z", "dateReserved": "2024-02-01T11:25:18.149Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-02-11T14:29:48.797Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B27575-4D45-482C-9E12-C0008BCB9CB8", "versionEndIncluding": "6.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*", "matchCriteriaId": "41E47F32-BA80-4333-96FD-4D25082B0FDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues."}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad en el subcomponente Open vSwitch del kernel de Linux. La falla ocurre cuando una operaci\u00f3n recursiva de inserci\u00f3n de c\u00f3digo llama recursivamente al bloque de c\u00f3digo. El m\u00f3dulo OVS no valida la profundidad de la pila, lo que empuja demasiados fotogramas y provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Como resultado, esto puede provocar un bloqueo u otros problemas relacionados."}], "id": "CVE-2024-1151", "lastModified": "2024-11-21T08:49:54.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-11T15:15:07.890", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:4823"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:4831"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9315"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-1151"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:4823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:4831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-1151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Aaron Conole (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:4823", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.75.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4831", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}], "bugzilla": {"description": "kernel: stack overflow problem in Open vSwitch kernel module leading to DoS", "id": "2262241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.", "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2024-1151", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1151\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1151\nhttps://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object