CVE-2024-35813 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_idata = idatas[i - 1], but doesn't check that the iterator i is greater than zero. Let's fix this by adding a check.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56
https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6
https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2
https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304
https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28
https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55
https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68
https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024051742-CVE-2024-35813-bdc9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35813
https://www.cve.org/CVERecord?id=CVE-2024-35813

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Wed, 06 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T13:23:18.902Z

Updated: 2025-05-04T09:05:57.228Z

Reserved: 2024-05-17T12:19:12.343Z

Link: CVE-2024-35813

Vulnrichment

Updated: 2024-08-02T03:21:47.575Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:15.617

Modified: 2024-11-21T09:20:57.250

Link: CVE-2024-35813

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35813 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35813", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.343Z", "datePublished": "2024-05-17T13:23:18.902Z", "dateUpdated": "2025-05-04T09:05:57.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:05:57.228Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/core/block.c"], "versions": [{"version": "f49f9e802785291149bdc9c824414de4604226b4", "lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68", "status": "affected", "versionType": "git"}, {"version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20", "lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6", "status": "affected", "versionType": "git"}, {"version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec", "lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28", "status": "affected", "versionType": "git"}, {"version": "c4edcd134bb72b3b0acc884612d624e48c9d057f", "lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "status": "affected", "versionType": "git"}, {"version": "1653a8102868264f3488c298a9f20af2add9a288", "lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "status": "affected", "versionType": "git"}, {"version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0", "lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56", "status": "affected", "versionType": "git"}, {"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304", "status": "affected", "versionType": "git"}, {"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/core/block.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.269", "versionEndExcluding": "5.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.210", "versionEndExcluding": "5.10.215"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.149", "versionEndExcluding": "5.15.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.76", "versionEndExcluding": "6.1.84"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.15", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.3", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}], "title": "mmc: core: Avoid negative index with array access", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:23.725113Z", "id": "CVE-2024-35813", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:43:26.196Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.575Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.575Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:23.725113Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:24.723Z"}}], "cna": {"title": "mmc: core: Avoid negative index with array access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f49f9e802785291149bdc9c824414de4604226b4", "lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68", "versionType": "git"}, {"status": "affected", "version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20", "lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6", "versionType": "git"}, {"status": "affected", "version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec", "lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28", "versionType": "git"}, {"status": "affected", "version": "c4edcd134bb72b3b0acc884612d624e48c9d057f", "lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "versionType": "git"}, {"status": "affected", "version": "1653a8102868264f3488c298a9f20af2add9a288", "lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "versionType": "git"}, {"status": "affected", "version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0", "lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56", "versionType": "git"}, {"status": "affected", "version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304", "versionType": "git"}, {"status": "affected", "version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "versionType": "git"}], "programFiles": ["drivers/mmc/core/block.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.274", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mmc/core/block.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:55:38.274Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35813", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:55:38.274Z", "dateReserved": "2024-05-17T12:19:12.343Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:23:18.902Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: core: evitar \u00edndice negativo con acceso a matriz Commit 4d0c8d0aef63 (\"mmc: core: usar mrq.sbc en ffu cerrado\") asigna prev_idata = idatas[i - 1] , pero no comprueba que el iterador i sea mayor que cero. Arreglemos esto agregando una comprobaci\u00f3n."}], "id": "CVE-2024-35813", "lastModified": "2024-11-21T09:20:57.250", "metrics": {}, "published": "2024-05-17T14:15:15.617", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mmc: core: Avoid negative index with array access", "id": "2281209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281209"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmmc: core: Avoid negative index with array access\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check.", "A vulnerability was found in the Linux kernel's MMC core subsystem. This issue involves improper handling of array indexing, which could lead to accessing array elements using negative indices, resulting in out-of-bounds memory access, system instability, or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35813", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35813\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35813\nhttps://lore.kernel.org/linux-cve-announce/2024051742-CVE-2024-35813-bdc9@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}