Auto-Update: 2024-01-21T13:00:24.281365+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-21 13:00:27 +00:00 · 2024-01-21 13:00:27 +00:00 · 4b86e829df
commit 4b86e829df
parent f40c7f75cf
2 changed files with 21 additions and 14 deletions
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-0607",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-01-18T16:15:08.690",
-  "lastModified": "2024-01-18T19:25:46.623",
+  "lastModified": "2024-01-21T12:15:07.993",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system."
+      "value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una falla en el subsistema Netfilter en el kernel de Linux. El problema est\u00e1 en la funci\u00f3n nft_byteorder_eval(), donde el c\u00f3digo itera a trav\u00e9s de un bucle y escribe en la matriz `dst`. En cada iteraci\u00f3n, se escriben 8 bytes, pero `dst` es una matriz de u32, por lo que cada elemento solo tiene espacio para 4 bytes. Eso significa que cada iteraci\u00f3n sobrescribe parte del elemento anterior, lo que posiblemente lleve a una escritura fuera de los l\u00edmites. Esta falla permite que un usuario local provoque una denegaci\u00f3n de servicio o potencialmente aumente sus privilegios en el sistema."
    }
  ],
  "metrics": {
@ -17,20 +21,20 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
-          "confidentialityImpact": "HIGH",
-          "integrityImpact": "HIGH",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
          "availabilityImpact": "HIGH",
-          "baseScore": 7.8,
-          "baseSeverity": "HIGH"
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
-        "impactScore": 5.9
+        "impactScore": 4.7
      }
    ]
  },
@ -41,7 +45,7 @@
      "description": [
        {
          "lang": "en",
-          "value": "CWE-787"
+          "value": "CWE-229"
        }
      ]
    }
@ -54,6 +58,10 @@
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635",
      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-21T11:00:24.367184+00:00
+2024-01-21T13:00:24.281365+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-21T10:15:08.337000+00:00
+2024-01-21T12:15:07.993000+00:00
 ```

 ### Last Data Feed Release
@ -34,16 +34,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `0`

-* [CVE-2023-6531](CVE-2023/CVE-2023-65xx/CVE-2023-6531.json) (`2024-01-21T10:15:07.967`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2024-0584](CVE-2024/CVE-2024-05xx/CVE-2024-0584.json) (`2024-01-21T10:15:08.337`)
+* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-21T12:15:07.993`)


 ## Download and Usage