CVE-2024-35941 - Vulnerability Details - OpenCVE

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-05-19

Score: 0.0 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35941-1a9e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35941
https://www.cve.org/CVERecord?id=CVE-2024-35941

History

Tue, 03 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}` threat_severity `None`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-05-19T10:10:46.233Z

Updated: 2024-06-04T12:55:24.200Z

Reserved: 2024-05-17T13:50:33.131Z

Link: CVE-2024-35941

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-05-19T11:15:49.823

Modified: 2024-06-04T13:15:52.613

Link: CVE-2024-35941

Redhat

Severity :

Publid Date: 2024-05-19T00:00:00Z

Links: CVE-2024-35941 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

{"bugzilla": {"description": "kernel: net: skbuff: add overflow debug check to pull/push helpers", "id": "2281813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281813"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "details": ["[REJECTED CVE] A use-after-free vulnerability was identified in the Linux kernel's net subsystem, specifically in skbuff handling. The issue arises from an overflow of the skb->network_header (a u16 value), causing skb_network_offset(skb) to return a negative value. This results in the __skb_pull() function incorrectly adjusting skb->data to an invalid memory location outside the skb->head area. An attacker could exploit this flaw to cause memory corruption or crash the system, potentially leading to denial of service or other undefined behavior."], "name": "CVE-2024-35941", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35941\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35941\nhttps://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35941-1a9e@gregkh/T"], "statement": "This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2024060439-REJECTED-571b@gregkh/\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}