CVE-2024-35935

LOW

Linux Kernel - Information Exposure via Btrfs Send Path Ref Underflow Error Message

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses.

References (11)

Core 11

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Patch

https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3

Patch

https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229

Patch

https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9

Patch

https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a

Patch

https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c

Patch

https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183

Patch

https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5

Patch

https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Scores

CVSS v3 3.3

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (27)

debian/debian_linux 10.0

linux/Kernel 3.6.0 - 4.19.312linux

linux/Kernel 4.20.0 - 5.4.274linux

linux/Kernel 5.11.0 - 5.15.155linux

linux/Kernel 5.16.0 - 6.1.86linux

linux/Kernel 5.5.0 - 5.10.215linux

linux/Kernel 6.2.0 - 6.6.27linux

linux/Kernel 6.7.0 - 6.8.6linux

Linux/Linux < 3.6

Linux/Linux 3.6

... and 17 more

Published May 19, 2024

Tracked Since Feb 18, 2026