CVE-2024-1151
Linux Kernel vulnerability analysis and mitigation

Overview

A vulnerability was reported in the Open vSwitch (OVS) sub-component of the Linux kernel (CVE-2024-1151). The flaw occurs when a recursive code-push operation calls back into the same code block. The OVS module does not validate the stack depth, so it can push too many frames and cause a stack overflow. The vulnerability was discovered in February 2024 and affects Linux Kernel versions up to 6.7.8 (NVD, Red Hat).

Technical details

The vulnerability exists in the Open vSwitch kernel module's Netlink copy code. When processing action lists from netlink sockets, the module creates a copy for action set processing. While the module tracks execution depth during packet processing, it fails to check recursion depth during netlink processing, assuming the kernel stack can handle any size. This particularly affects actions like sample(), clone(), and dec_ttl() that include additional recursive operations. The issue has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

Impact

The vulnerability can lead to a system crash or other related issues when exploited, primarily resulting in a denial of service condition. The impact is limited to local attacks and requires low privileges to execute (NVD).

Mitigation and workarounds

The issue has been fixed in Linux kernel 6.7.5 and later versions. The fix includes implementing a depth limit during the __ovs_nla_copy_actions() call to ensure it doesn't exceed the maximum that the OVS userspace could generate for a clone(). Various Linux distributions have released patches, including Red Hat Enterprise Linux, Fedora, and Ubuntu (Kernel Patch, Red Hat).
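
The depth limit described above, shown as an added example: this is a simplified userspace model in C, not the kernel patch or code from this page. The attribute layout, the names `validate_actions` and `build_nested`, the action types and the limit of 16 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Userspace model, not kernel code. Assumed layout: type, length, payload. */
enum { ACT_OUTPUT = 1, ACT_CLONE = 2 }; /* hypothetical action types */
#define MAX_COPY_DEPTH 16               /* assumed limit for this example */

/* Returns 0 if valid, -1 if malformed, -2 if nested too deeply. */
int validate_actions(const uint8_t *buf, size_t len, unsigned depth)
{
    if (depth > MAX_COPY_DEPTH)
        return -2; /* the bound the vulnerable copy path lacked */
    while (len > 0) {
        if (len < 2 || (size_t)buf[1] > len - 2)
            return -1; /* truncated header or payload */
        uint8_t type = buf[0], plen = buf[1];
        if (type == ACT_CLONE) {
            int rc = validate_actions(buf + 2, plen, depth + 1);
            if (rc)
                return rc;
        } else if (type != ACT_OUTPUT || plen != 4) {
            return -1; /* unknown action or wrong port size */
        }
        buf += 2 + plen;
        len -= 2 + (size_t)plen;
    }
    return 0;
}

/* Constructed input: `levels` nested clone() wrappers around one output. */
size_t build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    size_t total = 6 + 2 * (size_t)levels;
    if (total > cap || total > 257)
        return 0; /* exceeds the buffer or the 1-byte length field */
    for (unsigned i = 0; i < levels; i++) {
        out[2 * i] = ACT_CLONE;
        out[2 * i + 1] = (uint8_t)(total - 2 * (i + 1));
    }
    memset(out + 2 * levels, 0, 6);
    out[2 * levels] = ACT_OUTPUT;
    out[2 * levels + 1] = 4;
    return total;
}

int main(void)
{
    uint8_t buf[260];
    for (unsigned n = 15; n <= 18; n++)
        printf("%u -> %d\n", n, validate_actions(buf, build_nested(buf, sizeof buf, n), 0));
}
```

Without the depth check at the top of `validate_actions`, stack use grows with whatever nesting the caller supplies. With it, the worst case is bounded and known ahead of time.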

This report was generated using AI.

Related Linux Kernel vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-68753 | HIGH | 7.8 | Linux Kernel | linux-realtime | No | Yes | Jan 05, 2026 |
| CVE-2025-68756 | HIGH | 7.1 | Linux Kernel | linux-oracle | No | Yes | Jan 05, 2026 |
| CVE-2025-68764 | MEDIUM | 5.5 | Linux Kernel | linux-realtime | No | Yes | Jan 05, 2026 |
| CVE-2025-68758 | MEDIUM | 5.5 | Linux Kernel | kernel-zfcpdump-core | No | Yes | Jan 05, 2026 |
| CVE-2025-68762 | N/A | N/A | Linux Kernel | kernel | No | Yes | Jan 05, 2026 |
