OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.75.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4823	2024-07-24T00:00:00Z
kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4831	2024-07-24T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.44.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2024:9546	2024-11-13T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984
https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055
https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea
https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0
https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e
https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764
https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024052015-CVE-2024-35950-41bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35950
https://www.cve.org/CVERecord?id=CVE-2024-35950

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Sat, 16 Nov 2024 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat enterprise Linux

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-20T09:41:45.333Z

Updated: 2024-11-05T09:25:33.251Z

Reserved: 2024-05-17T13:50:33.134Z

Link: CVE-2024-35950

Vulnrichment

Updated: 2024-08-02T03:21:49.192Z

NVD

Status : Awaiting Analysis

Published: 2024-05-20T10:15:10.490

Modified: 2024-11-21T09:21:16.493

Link: CVE-2024-35950

Redhat

Severity : Moderate

Publid Date: 2024-05-20T00:00:00Z

Links: CVE-2024-35950 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object