PT-2024-1292 · Linux+5 · Linux Kernel+5

Chenyuan Yang · Published 2024-01-19 · Updated 2026-02-18 · CVE-2024-23849

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 6.7.1
Description: The issue is an off-by-one error in the rds_recv_track_latency function in the Linux kernel, in the file net/rds/af_rds.c. The error is in a comparison against RDS_MSG_RX_DGRAM_TRACE_MAX and results in out-of-bounds access. Exploitation of this issue may allow an attacker to impact the availability of protected information.
Recommendations: For Linux kernel versions through 6.7.1, there is at the moment no information about a newer version that contains a fix for this vulnerability.
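
The class of bug named in the description, shown as an added example that is not kernel code or code from this advisory: a bounds comparison that uses '>' where '>=' is needed accepts a position equal to the array size. The struct, the function names and the value of TRACE_MAX are assumptions of this simplified model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model constant (assumed value): count of trace points, so the only valid
 * positions are 0 .. TRACE_MAX - 1. */
#define TRACE_MAX 3

/* Simplified, hypothetical model of a caller-supplied trace request. */
struct trace_req {
    uint8_t rx_traces;               /* entries of rx_trace_pos in use */
    uint8_t rx_trace_pos[TRACE_MAX]; /* each later indexes a TRACE_MAX-sized array */
};

/* Off-by-one check: '>' accepts pos == TRACE_MAX, one past the last slot. */
int validate_off_by_one(const struct trace_req *req)
{
    if (req->rx_traces > TRACE_MAX)
        return -1;
    for (size_t i = 0; i < req->rx_traces; i++)
        if (req->rx_trace_pos[i] > TRACE_MAX)
            return -1;
    return 0;
}

/* Corrected check: '>=' rejects every position outside 0 .. TRACE_MAX - 1. */
int validate_strict(const struct trace_req *req)
{
    if (req->rx_traces > TRACE_MAX)
        return -1;
    for (size_t i = 0; i < req->rx_traces; i++)
        if (req->rx_trace_pos[i] >= TRACE_MAX)
            return -1;
    return 0;
}

int main(void)
{
    /* Constructed input: the second position equals TRACE_MAX. */
    struct trace_req req = { .rx_traces = 2, .rx_trace_pos = { 0, TRACE_MAX } };
    printf("off-by-one check: %d, strict check: %d\n",
           validate_off_by_one(&req), validate_strict(&req));
    return 0;
}
```

When reviewing similar validation code, check every comparison against a *_MAX count constant for whether the constant is the last valid index or the number of entries.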

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2024-10855
ALT-PU-2024-1867
ALT-PU-2025-12647
AZL-33962
AZL-34878
BDU:2024-00731
CVE-2024-23849
DLA-3840-1
DLA-3842-1
DSA-5681-1
OESA-2024-1109
OESA-2024-1110
OESA-2024-1114
OESA-2024-1175
OESA-2024-1176
OESA-2024-1180
OPENSUSE-SU-2024_0857-1
OPENSUSE-SU-2024_0858-1
SUSE-SU-2024:0855-1
SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0858-1
SUSE-SU-2024:0900-1
SUSE-SU-2024:0900-2
SUSE-SU-2024:0910-1
SUSE-SU-2024:0925-1
SUSE-SU-2024:0926-1
SUSE-SU-2024:0975-1
SUSE-SU-2024:0976-1
SUSE-SU-2024:0977-1
USN-6688-1
USN-6765-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6767-1
USN-6767-2
USN-6795-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6828-1

Affected Products

Alt Linux
Astra Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu