{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35918", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "REJECTED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.123Z", "datePublished": "2024-05-19T10:10:31.033Z", "dateUpdated": "2024-07-30T04:55:53.692Z", "dateRejected": "2024-07-30T04:55:53.692Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T04:55:53.692Z"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35918", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "REJECTED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.123Z", "datePublished": "2024-05-19T10:10:31.033Z", "dateUpdated": "2024-07-30T04:55:53.692Z", "dateRejected": "2024-07-30T04:55:53.692Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T04:55:53.692Z"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "id": "CVE-2024-35918", "lastModified": "2024-07-30T05:15:09.763", "metrics": {}, "published": "2024-05-19T11:15:48.223", "references": [], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: randomize_kstack: Improve entropy diffusion", "id": "2281783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281783"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["A cryptographic low entropy vulnerability was found in the Linux kernel, where the kstack_offset variable only uses the low bits for kernel stack offset entropy. This issue can result in loss of overall security of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35918", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35918\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35918\nhttps://lore.kernel.org/linux-cve-announce/2024051912-CVE-2024-35918-3fed@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.155, kernel 6.1.86, kernel 6.6.27, kernel 6.8.6, kernel 6.9"}