Skip to content

Cherry-pick upstream fix for CVE-2024-5564

Chih-Hsuan Yen requested to merge CVE-2024-5564 into main

From https://nvd.nist.gov/vuln/detail/CVE-2024-5564,

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Merge request reports

Loading