CVE-2024-23849: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-23849 affects the Linux kernel through version 6.7.1. The vulnerability is located in the rds_recv_track_latency function in net/rds/af_rds.c, where an off-by-one error exists in the RDS_MSG_RX_DGRAM_TRACE_MAX comparison (NVD, MITRE).

The vulnerability is caused by an off-by-one error in the bounds checking logic within the rds_recv_track_latency function. When reading inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1), but with array size of 4 (RDS_RX_MAX_TRACES), it results in an out-of-bounds access. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Kernel Patch).

The vulnerability can lead to an out-of-bounds read access, which could potentially cause a denial of service through system crashes. The issue affects the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel (SUSE Bug).

The vulnerability has been fixed in Linux kernel version 6.7.3 and backported to various distributions. The fix involves correcting the bounds check in rds_recv_track_latency by changing the comparison operator from '>' to '>=' for RDS_MSG_RX_DGRAM_TRACE_MAX. Updates are available for Fedora 38, Fedora 39, and other major distributions (Fedora Update).