CVE-2024-35848
CVE-2024-35848 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

eeprom: at24: fix memory corruption race condition

If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory.

Move the failure point before registering the nvmem device.
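The ordering problem described above, as an added example that is not part of the original advisory or the kernel patch: a simplified user-space C model of the two probe orders, in which a hook stands in for another driver touching the nvmem device during probe. It is not the at24 driver's code, and all struct and function names are hypothetical.

```c
/* Simplified user-space model of the probe ordering; not kernel code, all names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct nvmem_model { bool live; };        /* live == backing memory still valid */
static struct nvmem_model *registry;      /* what other drivers can look up */
static struct nvmem_model *consumer_ref;  /* handle kept by "another driver" */
/* Stands in for a second driver running while probe is still in progress. */
static void other_driver_runs(void) { if (registry) consumer_ref = registry; }
/* Models the test read against an EEPROM that may not respond. */
static int test_read(bool accessible) { return accessible ? 0 : -1; }
/* Order before the fix: register, then test read, then tear down on failure. */
static int probe_register_first(struct nvmem_model *dev, bool accessible) {
    dev->live = true;
    registry = dev;                 /* device is now visible to others */
    other_driver_runs();            /* race window */
    if (test_read(accessible) < 0) {
        registry = NULL;
        dev->live = false;          /* teardown: memory no longer valid */
        return -1;
    }
    return 0;
}

/* Order after the fix: the failure point comes before registration. */
static int probe_read_first(struct nvmem_model *dev, bool accessible) {
    if (test_read(accessible) < 0)
        return -1;                  /* nothing published, nothing to tear down */
    dev->live = true;
    registry = dev;
    other_driver_runs();
    return 0;
}

/* True when a consumer still holds a handle to a torn-down device. */
static bool consumer_holds_stale_ref(void) { return consumer_ref && !consumer_ref->live; }
static void reset_model(void) { registry = NULL; consumer_ref = NULL; }

int main(void) {
    struct nvmem_model a = {0}, b = {0};
    probe_register_first(&a, false);
    printf("register-first, stale ref: %d\n", consumer_holds_stale_ref());
    reset_model();
    probe_read_first(&b, false);
    printf("read-first, stale ref: %d\n", consumer_holds_stale_ref());
    return 0;
}
```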
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 5.3, < 5.10.217 | — |
| Linux | Linux Kernel | >= 5.11, < 5.15.159 | — |
| Linux | Linux Kernel | >= 5.16, < 6.1.91 | — |
| Linux | Linux Kernel | >= 6.2, < 6.6.31 | — |
| Linux | Linux Kernel | >= 6.7, < 6.8.9 | — |
| Linux | Linux Kernel | 6.9 | rc1 |
| Debian | Debian Linux | 10.0 | — |
References
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html (Third Party Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
