CVE-2024-5564 is a classic buffer overflow vulnerability discovered in libndp, a library used by NetworkManager for processing IPv6 Neighbor Discovery Protocol (NDP) messages. The flaw occurs because libndp fails to properly validate the route length field in IPv6 router advertisement packets. An attacker can craft a malformed IPv6 router advertisement packet with incorrect route length information, causing libndp to copy data into a buffer without checking the input size, leading to a buffer overflow. This vulnerability affects NetworkManager version 1.0, which relies on libndp for handling IPv6 NDP messages. The vulnerability is exploitable remotely over the network without requiring authentication or user interaction, though it has a high attack complexity due to the need to send specifically crafted IPv6 packets. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability. Successful exploitation could allow an attacker to execute arbitrary code, cause denial of service, or escalate privileges on affected systems. No public exploits or active exploitation have been reported yet. The vulnerability is particularly concerning for environments that use IPv6 extensively and rely on NetworkManager for network configuration and management. Since NetworkManager is widely deployed in many Linux distributions, this vulnerability has broad potential impact. However, the affected version is specifically 1.0, so systems running newer or patched versions may not be vulnerable. The issue highlights the importance of robust input validation in network protocol implementations to prevent memory corruption vulnerabilities.

The impact of CVE-2024-5564 is significant for organizations worldwide that use NetworkManager 1.0 with libndp on Linux systems, especially those utilizing IPv6 networking. Exploitation can lead to arbitrary code execution, allowing attackers to gain control over affected systems, potentially leading to data breaches, system manipulation, or persistent backdoors. The vulnerability also enables denial of service attacks by crashing NetworkManager or the host system, disrupting network connectivity and business operations. Since no authentication or user interaction is required, attackers can remotely target vulnerable systems over the network, increasing the attack surface. This poses a risk to enterprise servers, cloud infrastructure, IoT devices, and desktops that rely on NetworkManager for network configuration. Critical infrastructure and government networks using IPv6 are also at risk. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability. Organizations with IPv6-enabled environments must consider this vulnerability a priority to avoid potential compromise or service disruption.

1. Upgrade NetworkManager to a version that includes the patch for CVE-2024-5564 as soon as it becomes available from your Linux distribution vendor. 2. If immediate patching is not possible, implement network-level filtering to block or restrict unsolicited IPv6 router advertisement packets from untrusted sources, using firewall rules or router configurations. 3. Employ Intrusion Detection/Prevention Systems (IDS/IPS) capable of detecting malformed IPv6 NDP packets to alert or block suspicious traffic. 4. Conduct network segmentation to isolate critical systems and reduce exposure to potentially malicious IPv6 traffic. 5. Monitor system logs and network traffic for anomalies related to IPv6 router advertisements. 6. Enforce strict input validation and memory safety practices in custom network protocol implementations to prevent similar vulnerabilities. 7. Educate network administrators about the risks of IPv6 protocol exploitation and encourage timely application of security updates. 8. Consider disabling IPv6 on systems where it is not required to reduce the attack surface.