CVE-2024-35848: eeprom: at24: fix memory corruption race condition
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.10.217 | 5.10.217 |
| redhat/kernel | <5.15.159 | 5.15.159 |
| redhat/kernel | <6.1.91 | 6.1.91 |
| redhat/kernel | <6.6.31 | 6.6.31 |
| redhat/kernel | <6.8.9 | 6.8.9 |
| redhat/kernel | <6.9 | 6.9 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a
- https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676
- https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc
- https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6
- https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da
- https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2
- https://launchpad.net/bugs/cve/CVE-2024-35848
- https://access.redhat.com/security/cve/CVE-2024-35848
- https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35848-fc2b@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281266
- https://access.redhat.com/errata/RHSA-2024:5363
- https://bugzilla.redhat.com/show_bug.cgi?id=2281265
- https://git.kernel.org/linus/f42c97027fb75776e2e9358d16bf4a99aeb04cf2
- https://security-tracker.debian.org/tracker/CVE-2024-35848
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848
- https://nvd.nist.gov/vuln/detail/CVE-2024-35848
- https://ubuntu.com/security/CVE-2024-35848
- agent/title
- agent/weakness
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/severity
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35848
- agent/software-canonical-lookup
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- package-manager/redhat
- package-manager/debian