CVE-2024-35837

MEDIUM

Linux Kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

References (7)

[Patch] https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f

[Patch] https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b

[Patch] https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38

[Patch] https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa

[Patch] https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec

[Patch] https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 6.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (8)

linux/linux_kernel < 5.10.210

linux/linux_kernel

debian/debian_linux

linux/Kernel < 5.10.210linux

linux/Kernel < 5.15.149linux

linux/Kernel < 6.1.76linux

linux/Kernel < 6.6.15linux

linux/Kernel < 6.7.3linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026