CVE-2024-35904

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35904
In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b Patch
https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e Patch
https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c Patch
http://www.openwall.com/lists/oss-security/2024/05/30/1 Mailing List
http://www.openwall.com/lists/oss-security/2024/05/30/2 Mailing List
https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b Patch
https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e Patch
https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
History

03 Feb 2025, 16:03

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b - () https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b - Patch
References () https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e - () https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e - Patch
References () https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c - () https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c - Patch
References () http://www.openwall.com/lists/oss-security/2024/05/30/1 - () http://www.openwall.com/lists/oss-security/2024/05/30/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/05/30/2 - () http://www.openwall.com/lists/oss-security/2024/05/30/2 - Mailing List
CPE cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-476

21 Nov 2024, 09:21

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/30/1 -
  • () http://www.openwall.com/lists/oss-security/2024/05/30/2 -
References () https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b - () https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b -
References () https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e - () https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e -
References () https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c - () https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c -

05 Nov 2024, 10:16

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/05/30/1', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: evita la desreferenciación de basura después de un error de montaje En caso de que kern_mount() falle y devuelva un puntero de error en la rama de error en lugar de continuar y desreferenciar el puntero de error. Mientras está en él, suelte la variable estática nunca leída selinuxfs_mount.
References
  • () http://www.openwall.com/lists/oss-security/2024/05/30/1 -
  • () http://www.openwall.com/lists/oss-security/2024/05/30/2 -

19 May 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-19 09:15

Updated : 2025-02-03 16:03

NVD link : CVE-2024-35904

Mitre link : CVE-2024-35904

CVE.ORG link : CVE-2024-35904

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference