CVE-2024-35848

MEDIUM

Linux Kernel < 5.10.217 - Race Condition

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device.

References (7)

[Patch] https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a

[Patch] https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676

[Patch] https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc

[Patch] https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6

[Patch] https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da

[Patch] https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Scores

CVSS v3 4.7

EPSS 0.0002

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-362

Status published

Affected Products (12)

linux/linux_kernel < 5.10.217

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

debian/debian_linux

linux/Kernel < 5.10.217linux

linux/Kernel < 5.15.159linux

linux/Kernel < 6.1.91linux

linux/Kernel < 6.6.31linux

linux/Kernel < 6.8.9linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026