Linux kernel BUG_ON control parser flaw (CVE-2024-35947)
CVE-2024-35947 Published on May 19, 2024
dyndbg: fix old BUG_ON in >control parser
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser
Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't
really look), let's make sure by removing it, doing pr_err and return
-EINVAL instead.
Vulnerability Analysis
CVE-2024-35947 can be exploited with local system access, and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. An exploit is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Affected Versions
Linux:
- Version 2.6.30 is affected.
- Versions before 2.6.30 are unaffected.
- Versions 4.19.314 through 4.19.* are unaffected.
- Versions 5.4.276 through 5.4.* are unaffected.
- Versions 5.10.217 through 5.10.* are unaffected.
- Versions 5.15.159 through 5.15.* are unaffected.
- Versions 6.1.91 through 6.1.* are unaffected.
- Versions 6.6.31 through 6.6.* are unaffected.
- Versions 6.8.10 through 6.8.* are unaffected.
- Versions 6.9 and later are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.