UBUNTU-CVE-2024-6501

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-6501
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6501.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-6501
Related
Published
2024-07-09T20:15:00Z
Modified
2024-10-15T14:17:22Z
Summary
[none]
Details

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

References

Affected packages

Ubuntu:Pro:16.04:LTS / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.4-0ubuntu5
1.0.4-0ubuntu6
1.0.4-0ubuntu7
1.0.4-0ubuntu8
1.0.4-0ubuntu9
1.0.4-0ubuntu10
1.1.93-0ubuntu2
1.1.93-0ubuntu3
1.1.93-0ubuntu4
1.2.0-0ubuntu0.16.04.2
1.2.0-0ubuntu0.16.04.3
1.2.2-0ubuntu0.16.04.1
1.2.2-0ubuntu0.16.04.3
1.2.2-0ubuntu0.16.04.4
1.2.6-0ubuntu0.16.04.1
1.2.6-0ubuntu0.16.04.2
1.2.6-0ubuntu0.16.04.3

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}

Ubuntu:Pro:18.04:LTS / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.4-1ubuntu3
1.8.4-1ubuntu4
1.10.4-1ubuntu2
1.10.4-1ubuntu3
1.10.6-2ubuntu1
1.10.6-2ubuntu1.1
1.10.6-2ubuntu1.2
1.10.6-2ubuntu1.4
1.10.14-0ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}

Ubuntu:20.04:LTS / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.20.4-2ubuntu2
1.20.4-2ubuntu3
1.20.8-1ubuntu2
1.22.4-1ubuntu2
1.22.8-1ubuntu1
1.22.10-1ubuntu1
1.22.10-1ubuntu2.1
1.22.10-1ubuntu2.2
1.22.10-1ubuntu2.3
1.22.10-1ubuntu2.4

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}

Ubuntu:22.04:LTS / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.32.12-0ubuntu1
1.32.12-0ubuntu2
1.34.0-2ubuntu3
1.35.90-0ubuntu1
1.35.91-0ubuntu1
1.35.92-1ubuntu1
1.36.0-1ubuntu2
1.36.2-1ubuntu1
1.36.4-1ubuntu1
1.36.4-2ubuntu1
1.36.6-0ubuntu1
1.36.6-0ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}

Ubuntu:24.10 / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.46.0-1ubuntu2
1.46.0-1ubuntu3
1.48.2-1ubuntu1
1.48.4-1ubuntu1
1.48.6-1ubuntu1
1.48.8-1ubuntu2
1.48.8-1ubuntu3

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}

Ubuntu:24.04:LTS / network-manager

Package

Name
network-manager
Purl
pkg:deb/ubuntu/network-manager?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.44.2-1ubuntu1
1.44.2-1ubuntu1.1
1.44.2-1ubuntu2
1.44.2-7ubuntu1
1.45.90-1ubuntu1
1.45.90-1ubuntu3
1.46.0-1ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "DoS only when DEBUG and LLDP are enabled"
}