CVE-2024-35908 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8
https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be
https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3
https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096
https://lore.kernel.org/linux-cve-announce/2024051955-CVE-2024-35908-e78a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35908
https://www.cve.org/CVERecord?id=CVE-2024-35908

History

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-19T08:35:01.460Z

Updated: 2024-11-05T09:24:50.834Z

Reserved: 2024-05-17T13:50:33.121Z

Link: CVE-2024-35908

Vulnrichment

Updated: 2024-08-02T03:21:49.031Z

NVD

Status : Awaiting Analysis

Published: 2024-05-19T09:15:11.477

Modified: 2024-05-20T13:00:04.957

Link: CVE-2024-35908

Redhat

Severity : Low

Publid Date: 2024-05-19T00:00:00Z

Links: CVE-2024-35908 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object