CVE-2024-35935

LOW EPSS 12.8%
Published May 19, 2024 (2y ago) · Modified Jun 17, 2026 (2w ago)
3.3 CVSS 3.1
Low

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: send: handle path ref underflow in header iterate_inode_ref()

Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses.

CVSS Details

Base Score: 3.3
Exploitability: 1.8
Impact: 1.4
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 12.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-209

Affected Products 8

Vendor   Product        Version   Range
linux    linux_kernel   *         <4.19.312
linux    linux_kernel   *         ≥4.20 – <5.4.274
linux    linux_kernel   *         ≥5.5 – <5.10.215
linux    linux_kernel   *         ≥5.11 – <5.15.155
linux    linux_kernel   *         ≥5.16 – <6.1.86
linux    linux_kernel   *         ≥6.2 – <6.6.27
linux    linux_kernel   *         ≥6.7 – <6.8.6
debian   debian_linux   10.0      any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183
    Patch