{"id":"UBUNTU-CVE-2024-6501","details":"A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.","modified":"2026-03-13T06:01:07.289668Z","published":"2024-07-09T20:15:00Z","upstream":["CVE-2024-6501"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-6501"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-6501"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-6501"}],"affected":[{"package":{"name":"network-manager","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/network-manager@1.46.0-1ubuntu2.6?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.44.2-1ubuntu1","1.44.2-1ubuntu1.1","1.44.2-1ubuntu2","1.44.2-7ubuntu1","1.45.90-1ubuntu1","1.45.90-1ubuntu3","1.46.0-1ubuntu2","1.46.0-1ubuntu2.2","1.46.0-1ubuntu2.3","1.46.0-1ubuntu2.4","1.46.0-1ubuntu2.5","1.46.0-1ubuntu2.6"],"ecosystem_specific":{"priority_reason":"DoS only when DEBUG and LLDP are enabled","binaries":[{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"gir1.2-nm-1.0"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"libnm-dev"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"libnm0"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"network-manager"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"network-manager-config-connectivity-debian"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"network-manager-config-connectivity-ubuntu"},{"binary_version":"1.46.0-1ubuntu2.6","binary_name":"network-manager-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6501.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}]}