CVE-2024-5564

Summary

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Affected Software

VendorProductVersion RangeStatus
1.0 < 1.7-7affected
Red HatRed Hat Enterprise Linux 100:1.9-2.el10 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.2-10.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.7-7.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:1.7-4.el8_2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.7-6.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service0:1.7-6.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions0:1.7-6.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.7-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:1.7-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:1.7-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:1.7-7.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.8-6.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.8-5.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:1.8-5.el9_2 < *unaffected

Weaknesses

  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Workarounds

Currently there is no mitigation available for this vulnerability. Please make sure to update as the fixes become available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References