CVE-2024-35821Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime42 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.0
EPSS
0.1%
top 69.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 17
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel2.6.274.19.312+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+2
CVEListV5linux/linux1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d4aa554832b9dc9e66249df75b8f447d87853e12e+9
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-07-26
OSV
linux-aws-5.15 vulnerabilities2024-07-23

📋Vendor Advisories

20
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23

💬Community

1
Bugzilla
CVE-2024-35821 kernel: ubifs: Set page uptodate in the correct place2024-05-17