CVE-2024-35821
Published: 17 May 2024
Summary
CVE-2024-35821 is a medium-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Linux Linux Kernel. Its CVSS base score is 5.5 (Medium).
Operationally, ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-35738
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to…
more
have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.