{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35787", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.338Z", "datePublished": "2024-05-17T12:24:35.137Z", "dateUpdated": "2025-05-04T09:05:23.509Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:05:23.509Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix incorrect usage for sb_index\n\nCommit d7038f951828 (\"md-bitmap: don't use ->index for pages backing the\nbitmap file\") removed page->index from bitmap code, but left wrong code\nlogic for clustered-md. current code never set slot offset for cluster\nnodes, will sometimes cause crash in clustered env.\n\nCall trace (partly):\n md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]\n md_bitmap_startwrite+0x13c/0x240 [md_mod]\n raid1_make_request+0x6b0/0x1c08 [raid1]\n md_handle_request+0x1dc/0x368 [md_mod]\n md_submit_bio+0x80/0xf8 [md_mod]\n __submit_bio+0x178/0x300\n submit_bio_noacct_nocheck+0x11c/0x338\n submit_bio_noacct+0x134/0x614\n submit_bio+0x28/0xdc\n submit_bh_wbc+0x130/0x1cc\n submit_bh+0x1c/0x28"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/md-bitmap.c"], "versions": [{"version": "d7038f951828da19fa9aafddfa087b69032c9687", "lessThan": "736ad6c577a367834118f57417038d45bb5e0a31", "status": "affected", "versionType": "git"}, {"version": "d7038f951828da19fa9aafddfa087b69032c9687", "lessThan": "55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da", "status": "affected", "versionType": "git"}, {"version": "d7038f951828da19fa9aafddfa087b69032c9687", "lessThan": "5a95815b17428ce2f56ec18da5e0d1b2a1a15240", "status": "affected", "versionType": "git"}, {"version": "d7038f951828da19fa9aafddfa087b69032c9687", "lessThan": "ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/md-bitmap.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31"}, {"url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da"}, {"url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240"}, {"url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06"}], "title": "md/md-bitmap: fix incorrect usage for sb_index", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T15:19:46.019142Z", "id": "CVE-2024-35787", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:20:01.240Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.386Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.386Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T15:19:46.019142Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:19:55.307Z"}}], "cna": {"title": "md/md-bitmap: fix incorrect usage for sb_index", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d7038f951828", "lessThan": "736ad6c577a3", "versionType": "git"}, {"status": "affected", "version": "d7038f951828", "lessThan": "55e55eb65fd5", "versionType": "git"}, {"status": "affected", "version": "d7038f951828", "lessThan": "5a95815b1742", "versionType": "git"}, {"status": "affected", "version": "d7038f951828", "lessThan": "ecbd8ebb51bf", "versionType": "git"}], "programFiles": ["drivers/md/md-bitmap.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/md/md-bitmap.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31"}, {"url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da"}, {"url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240"}, {"url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix incorrect usage for sb_index\n\nCommit d7038f951828 (\"md-bitmap: don't use ->index for pages backing the\nbitmap file\") removed page->index from bitmap code, but left wrong code\nlogic for clustered-md. current code never set slot offset for cluster\nnodes, will sometimes cause crash in clustered env.\n\nCall trace (partly):\n md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]\n md_bitmap_startwrite+0x13c/0x240 [md_mod]\n raid1_make_request+0x6b0/0x1c08 [raid1]\n md_handle_request+0x1dc/0x368 [md_mod]\n md_submit_bio+0x80/0xf8 [md_mod]\n __submit_bio+0x178/0x300\n submit_bio_noacct_nocheck+0x11c/0x338\n submit_bio_noacct+0x134/0x614\n submit_bio+0x28/0xdc\n submit_bh_wbc+0x130/0x1cc\n submit_bh+0x1c/0x28"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:22:21.270Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35787", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:22:21.270Z", "dateReserved": "2024-05-17T12:19:12.338Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:24:35.137Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A32A237-A8EE-4654-9BB7-94C95ED898F1", "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53", "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02", "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix incorrect usage for sb_index\n\nCommit d7038f951828 (\"md-bitmap: don't use ->index for pages backing the\nbitmap file\") removed page->index from bitmap code, but left wrong code\nlogic for clustered-md. current code never set slot offset for cluster\nnodes, will sometimes cause crash in clustered env.\n\nCall trace (partly):\n md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]\n md_bitmap_startwrite+0x13c/0x240 [md_mod]\n raid1_make_request+0x6b0/0x1c08 [raid1]\n md_handle_request+0x1dc/0x368 [md_mod]\n md_submit_bio+0x80/0xf8 [md_mod]\n __submit_bio+0x178/0x300\n submit_bio_noacct_nocheck+0x11c/0x338\n submit_bio_noacct+0x134/0x614\n submit_bio+0x28/0xdc\n submit_bh_wbc+0x130/0x1cc\n submit_bh+0x1c/0x28"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md/md-bitmap: corrige el uso incorrecto de sb_index Commit d7038f951828 (\"md-bitmap: no usar ->\u00edndice para p\u00e1ginas que respaldan el archivo de mapa de bits\") p\u00e1gina eliminada-> \u00edndice del c\u00f3digo de mapa de bits, pero dej\u00f3 una l\u00f3gica de c\u00f3digo incorrecta para clustered-md. El c\u00f3digo actual nunca establece el desplazamiento de ranura para los nodos del cl\u00faster, a veces causa fallos en el entorno del cl\u00faster. Rastreo de llamadas (parcialmente): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6b0/0x1c08 [raid1] md_handle_request+0x1dc/0x368 [md_submit_bio+0x8 0/0xf8 [md_mod] __submit_bio+0x178/ 0x300 enviar_bio_noacct_nocheck+0x11c/0x338 enviar_bio_noacct+0x134/0x614 enviar_bio+0x28/0xdc enviar_bh_wbc+0x130/0x1cc enviar_bh+0x1c/0x28"}], "id": "CVE-2024-35787", "lastModified": "2025-09-26T16:21:10.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T13:15:58.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: md/md-bitmap: fix incorrect usage for sb_index", "id": "2281061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281061"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmd/md-bitmap: fix incorrect usage for sb_index\nCommit d7038f951828 (\"md-bitmap: don't use ->index for pages backing the\nbitmap file\") removed page->index from bitmap code, but left wrong code\nlogic for clustered-md. current code never set slot offset for cluster\nnodes, will sometimes cause crash in clustered env.\nCall trace (partly):\nmd_bitmap_file_set_bit+0x110/0x1d8 [md_mod]\nmd_bitmap_startwrite+0x13c/0x240 [md_mod]\nraid1_make_request+0x6b0/0x1c08 [raid1]\nmd_handle_request+0x1dc/0x368 [md_mod]\nmd_submit_bio+0x80/0xf8 [md_mod]\n__submit_bio+0x178/0x300\nsubmit_bio_noacct_nocheck+0x11c/0x338\nsubmit_bio_noacct+0x134/0x614\nsubmit_bio+0x28/0xdc\nsubmit_bh_wbc+0x130/0x1cc\nsubmit_bh+0x1c/0x28", "A security vulnerability was identified in the Linux kernel's MD (Multiple Device) subsystem, specifically within the bitmap handling code for clustered environments. The issue arises from incorrect usage of the sb_index field, leading to potential system crashes in clustered configurations."], "name": "CVE-2024-35787", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35787\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35787\nhttps://lore.kernel.org/linux-cve-announce/2024051707-CVE-2024-35787-dede@gregkh/T"], "threat_severity": "Moderate"}

{}