CVE-2024-23849

Published: Jan 23, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw%40mail.gmail.com

https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/

FEDORA-2024-2116a8468b

vendor-advisory

FEDORA-2024-cf47b35a6c

vendor-advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52

https://bugzilla.suse.com/show_bug.cgi?id=1219127

[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update

mailing-list

[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-23849

Description

Affected Products

References