CVE-2024-35855: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The Linux kernel CVE team has assigned <a href="https://access.redhat.com/security/cve/CVE-2024-35855">CVE-2024-35855</a> to this issue. Upstream advisory: <a href="https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35855-c1fb@gregkh/T">https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35855-c1fb@gregkh/T</a>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.4.275 | 5.4.275 |
| redhat/kernel | <5.10.216 | 5.10.216 |
| redhat/kernel | <5.15.158 | 5.15.158 |
| redhat/kernel | <6.1.90 | 6.1.90 |
| redhat/kernel | <6.6.30 | 6.6.30 |
| redhat/kernel | <6.8.9 | 6.8.9 |
| redhat/kernel | <6.9 | 6.9 |
| Linux Kernel | >=5.1<5.4.275 | |
| Linux Kernel | >=5.5<5.10.216 | |
| Linux Kernel | >=5.11<5.15.158 | |
| Linux Kernel | >=5.16<6.1.90 | |
| Linux Kernel | >=6.2<6.6.30 | |
| Linux Kernel | >=6.7<6.8.9 | |
| Linux Kernel | =6.9-rc1 | |
| Linux Kernel | =6.9-rc2 | |
| Linux Kernel | =6.9-rc3 | |
| Linux Kernel | =6.9-rc4 | |
| Linux Kernel | =6.9-rc5 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0
- https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4
- https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770
- https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a
- https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758
- https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef
- https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4
- https://launchpad.net/bugs/cve/CVE-2024-35855
- https://access.redhat.com/security/cve/CVE-2024-35855
- https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35855-c1fb@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281252
- https://access.redhat.com/errata/RHSA-2024:4211
- https://access.redhat.com/errata/RHSA-2024:4352
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2281251
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855
- https://nvd.nist.gov/vuln/detail/CVE-2024-35855
- https://security-tracker.debian.org/tracker/CVE-2024-35855
- https://ubuntu.com/security/CVE-2024-35855
- https://git.kernel.org/linus/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-35855?
CVE-2024-35855 is classified as a high severity vulnerability due to the potential use-after-free condition that can lead to arbitrary code execution or system crashes.
How do I fix CVE-2024-35855?
To fix CVE-2024-35855, update the Linux kernel to the latest versions listed in the vulnerability advisory, specifically to versions greater than 5.4.275, 5.10.216, 5.15.158, 6.1.90, 6.6.30, 6.8.9, or 6.9.
What systems are affected by CVE-2024-35855?
CVE-2024-35855 impacts various versions of the Linux kernel, specifically those prior to 5.4.275, 5.10.216, 5.15.158, 6.1.90, 6.6.30, 6.8.9, and 6.9.
Is CVE-2024-35855 a remote or local vulnerability?
CVE-2024-35855 is primarily considered a local vulnerability since it requires authenticated access to exploit the use-after-free condition.
What mitigation strategies are recommended for CVE-2024-35855?
In addition to updating the kernel, users should restrict access to sensitive systems and monitor logs for any unusual activity that may indicate exploitation attempts related to CVE-2024-35855.
- agent/title
- agent/weakness
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35855
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/remedy
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.1
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9-rc1
- version/linux kernel/6.9-rc2
- version/linux kernel/6.9-rc3
- version/linux kernel/6.9-rc4
- version/linux kernel/6.9-rc5
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2