CVE-2024-35800 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.31.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z
kernel-0:5.14.0-427.31.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210
https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531
https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff
https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde
https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4
https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35800
https://www.cve.org/CVERecord?id=CVE-2024-35800

History

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T13:23:10.170Z

Updated: 2024-08-02T03:21:47.638Z

Reserved: 2024-05-17T12:19:12.341Z

Link: CVE-2024-35800

Vulnrichment

Updated: 2024-08-02T03:21:47.638Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:12.623

Modified: 2024-05-17T18:35:35.070

Link: CVE-2024-35800

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35800 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35800", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.341Z", "datePublished": "2024-05-17T13:23:10.170Z", "dateUpdated": "2024-08-02T03:21:47.638Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:12.743Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "a8901f331b8b", "lessThan": "b9d103aca85f", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f", "lessThan": "9114ba998750", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f", "lessThan": "7784135f134c", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f", "lessThan": "090d2b4515ad", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f", "lessThan": "62b71cd73d41", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}], "title": "efi: fix panic in kdump kernel", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:54:03.513845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:42.333Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.638Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.638Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:54:03.513845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T15:54:07.412Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "efi: fix panic in kdump kernel", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a8901f331b8b", "lessThan": "b9d103aca85f", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "9114ba998750", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "7784135f134c", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "090d2b4515ad", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "62b71cd73d41", "versionType": "git"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.84", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:12.743Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35800", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:21:47.638Z", "dateReserved": "2024-05-17T12:19:12.341Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:23:10.170Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}], "bugzilla": {"description": "kernel: efi: fix panic in kdump kernel", "id": "2281237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281237"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefi: fix panic in kdump kernel\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\nTested with QEMU and OVMF firmware."], "name": "CVE-2024-35800", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35800\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35800\nhttps://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.84, kernel 6.6.24, kernel 6.7.12, kernel 6.8.3, kernel 6.9"}