CVE-2024-35815Linux vulnerability

30 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.0
EPSS
0.0%
top 97.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 17
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.19.3084.19.312+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+1
CVEListV5linux/linux337b543e274fe7a8f47df3c8293cc6686ffa620f10ca82aff58434e122c7c757cf0497c335f993f3+14
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-07-26
OSV
linux-aws-5.15 vulnerabilities2024-07-23
OSV
linux-aws, linux-aws-5.4, linux-iot vulnerabilities2024-07-23

📋Vendor Advisories

14
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-23

💬Community

1
Bugzilla
CVE-2024-35815 kernel: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion2024-05-17