CVE-2024-23849

5.5 MEDIUM

Published: January 23, 2024 Modified: November 04, 2025

Description

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1219127

Source: cve@mitre.org

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/

Source: cve@mitre.org

https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/

Source: cve@mitre.org

Mailing List Vendor Advisory

https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com

Source: cve@mitre.org

Mailing List Vendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1219127