CVE-2024-35848 — Race Condition in Linux

CWE-362 — Race Condition42 documents8 sources

Severity

4.7MEDIUMNVD

OSV6.5OSV5.5

EPSS

0.0%

top 96.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +9 more

Timeline

PublishedMay 17

Latest updateNov 19

Description

In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages13 packages

▶NVDlinux/linux_kernel5.3 — 5.10.217+5

▶Debianlinux/linux_kernel< 5.10.218-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-200.220+2

▶CVEListV5linux/linuxb20eb4c1f0261eebe6e1b9221c0d6e4048837778 — c850f71fca09ea41800ed55905980063d17e01da+6

▶debiandebian/linux< linux 6.1.94-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2024-11-19

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2024-11-14

▶

OSV

linux-aws, linux-azure-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities↗2024-11-07

▶

OSV

linux-aws-5.4, linux-oracle-5.4 vulnerabilities↗2024-11-06

▶

OSV

linux-azure, linux-bluefield vulnerabilities↗2024-11-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (IoT) vulnerabilities↗2024-11-19

▶

Ubuntu

Linux kernel vulnerabilities↗2024-11-14

▶

Ubuntu

Linux kernel vulnerabilities↗2024-11-07

▶

Ubuntu

Linux kernel vulnerabilities↗2024-11-06

▶

Ubuntu

Linux kernel vulnerabilities↗2024-11-04

▶

💬Community

Bugzilla

CVE-2024-35848 kernel: eeprom: at24: fix memory corruption race condition↗2024-05-18

▶