PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-23307 Linux CVE debrief

CVE-2024-23307 is a Linux kernel vulnerability classified by NVD as a CWE-190 integer overflow/wraparound issue. The CVSS 3.1 base score is 4.4 (AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H): the vector carries no confidentiality or integrity impact, requires high privileges and high attack complexity, and affects availability only, so the practical concern is a kernel crash or hang rather than data compromise. NVD's affected-version criteria list four vulnerable release bands, one per maintained stable branch, each ending at the first fixed release, so the mitigation is straightforward kernel update hygiene: move each branch to or past its fixed release.

Vendor
Linux
Product
Linux kernel
CVSS
MEDIUM 4.4
CISA KEV
Not listed in stored evidence
Original CVE published
2024-01-25
Original CVE updated
2026-05-12
Advisory published
2024-01-25
Advisory updated
2026-05-12

Who should care

Linux platform owners, distro maintainers, server and appliance operators, and anyone running affected Linux kernel lines on systems where kernel availability matters. This is especially relevant for environments that rely on md/raid/raid5 functionality or custom kernel builds.

Technical summary

NVD associates CVE-2024-23307 with CWE-190 and four Linux kernel version bands, each starting inclusive and ending at the first fixed release (exclusive): 4.1 up to 6.1.84; 6.2 up to 6.6.24; 6.7 up to 6.7.12; and 6.8 up to 6.8.3. The supplied description characterizes the issue as an integer overflow or wraparound in Linux kernel code on x86 and ARM, including the md/raid/raid5 modules, where an attacker can force the overflow and the resulting impact is loss of availability. The supplied data gives no further detail on the affected code path or the trigger, and the record is not marked KEV.

Defensive priority

Medium priority. This is not a KEV item in the supplied corpus and the CVSS score is below the common critical/high bands, but it affects kernel code and can directly impact system availability. Patch during your normal expedited maintenance cycle, sooner for exposed or mission-critical hosts.

Recommended defensive actions

  • Compare the running kernel's upstream version (uname -r) against the four NVD bands. Distro kernels keep their base version string and often carry the fix as a backport, so a version inside a band is a trigger to check the vendor changelog, not a confirmed exposure.
  • Update each affected branch to its first fixed release (6.1.84, 6.6.24, 6.7.12 or 6.8.3) or to the distro package that carries the corresponding backport.
  • Pay special attention to hosts running raid5 arrays (visible in /proc/mdstat) and to custom or self-built kernels, which do not inherit vendor backports automatically.
  • Verify remediation after the update by confirming the running kernel version and, for distro kernels, the vendor's backport status for this CVE.
  • Monitor the vendor advisories and issue trackers referenced by NVD for distro-specific guidance or backport notes.
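The version screen above, as an added example that is not part of the PatchSiren debrief or the Linux kernel sources. It encodes the four NVD bands quoted in this debrief, reduces a uname -r string to its upstream (major, minor, patch) triple, and looks for raid5 use on the host. The raid5 detection (the personality named on an active md line in /proc/mdstat, or the raid456 module, which provides raid4/5/6, in /proc/modules) is an assumption about where the md raid5 code is visible on a running system; the /proc samples embedded below are constructed, not captured from a real host. The verdict deliberately stops at "confirm vendor backport", since a distro kernel inside a band may already carry the fix.

```python
"""Screen a host against the NVD version bands for CVE-2024-23307.

Added example, not code from the PatchSiren debrief or the Linux kernel tree.
The version bands are the ones the debrief quotes from NVD; the raid5
detection (/proc/mdstat personality, raid456 module in /proc/modules) is an
assumption about where the md raid5 code shows up on a running host.
"""
import platform
import re

# NVD bands from the debrief: start inclusive, end (first fixed release) exclusive.
AFFECTED_BANDS = [
    ((4, 1, 0), (6, 1, 84)),
    ((6, 2, 0), (6, 6, 24)),
    ((6, 7, 0), (6, 7, 12)),
    ((6, 8, 0), (6, 8, 3)),
]


def parse_kernel_version(release):
    """Reduce a `uname -r` string ('6.1.0-18-amd64', '5.15.0-105-generic',
    '6.8.2-arch1-1', '6.7') to an upstream (major, minor, patch) tuple.
    Distro ABI suffixes, flavours and '-rcN' tags are deliberately ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release string: %r" % release)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_in_affected_band(release):
    """True when the upstream version falls inside one of the NVD bands."""
    v = parse_kernel_version(release)
    return any(start <= v < end for start, end in AFFECTED_BANDS)


def raid5_in_use(mdstat_text, modules_text):
    """True if an md array with the raid5 personality is assembled, or the
    raid456 module (which provides raid4/5/6) is loaded."""
    active_raid5 = re.search(r"^md\d+\s*:\s*active\b.*\braid5\b", mdstat_text, re.M)
    raid456_loaded = re.search(r"^raid456\s", modules_text, re.M)
    return bool(active_raid5 or raid456_loaded)


def assess(release, mdstat_text="", modules_text=""):
    """Return a triage verdict. A version inside an NVD band is not proof of
    exposure: distro kernels keep an old base version and carry the fix as a
    backport, so the verdict asks the operator to confirm backport status
    with the vendor rather than calling the host vulnerable outright."""
    if not is_in_affected_band(release):
        return "outside NVD bands"
    if raid5_in_use(mdstat_text, modules_text):
        return "inside NVD band, raid5 active: confirm vendor backport or update"
    return "inside NVD band, raid5 not detected: confirm vendor backport or update"


# Constructed sample /proc contents for offline use; not captured from a real host.
SAMPLE_MDSTAT = """Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 sdb1[0] sdc1[1] sdd1[2]
      2093056 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>
"""
SAMPLE_MODULES = "raid456 176128 1 - Live 0x0000000000000000\n"


def _read(path):
    """Read a /proc file, returning '' where it does not exist (non-Linux hosts)."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""


if __name__ == "__main__":
    if platform.system() == "Linux":
        release = platform.release()
        print(release, "->", assess(release, _read("/proc/mdstat"), _read("/proc/modules")))
    print("constructed host 6.1.83 ->", assess("6.1.83", SAMPLE_MDSTAT, SAMPLE_MODULES))
    print("constructed host 6.8.3  ->", assess("6.8.3", SAMPLE_MDSTAT, SAMPLE_MODULES))
```

Run it on each Linux host as part of the inventory step; a host reported as inside a band still needs the vendor changelog or package metadata checked for the backport before it is counted as exposed, and a host outside all bands on a custom kernel should still be checked against its actual source tree rather than the version string alone.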

Evidence notes

CVE publishedAt in the supplied timeline is 2024-01-25T07:15:09.940Z; modifiedAt is 2026-05-12T12:16:17.570Z. NVD metadata lists CVSS 3.1 vector AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H and CWE-190. The vulnerable CPE criteria identify four affected Linux kernel version bands with end versions 6.1.84, 6.6.24, 6.7.12, and 6.8.3. NVD references an OpenAnolis Bugzilla issue and a Siemens product security advisory.

Official resources

Publicly disclosed in the CVE record on 2024-01-25. The NVD entry was later modified on 2026-05-12; this debrief reflects the supplied published CVE data and NVD metadata, not the generation date.