How severe is CVE-2024-0607?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2024-0607?

This is classified as CWE-229, which is a common weakness in software security.

CVE-2024-0607 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

Related Vulnerabilities

CVE-2024-29460

MEDIUM

CVSS:6.6(Medium)

An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.

CWE-2292024

CVE-2024-20431

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vuln...

CWE-2292024

CVE-2022-22562

HIGH

CVSS:7.5(High)

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.

CWE-2292022

CVE-2022-24412

HIGH

CVSS:7.5(High)

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-servi...

CWE-2292022

CVE-2024-39531

HIGH

CVSS:7.5(High)

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a D...

CWE-2292024

CVE-2024-30800

MEDIUM

CVSS:5.6(Medium)

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.

CWE-2292024