Cyber Resilience

CVE-2024-35821

Medium

Published: 17 May 2024

Published
17 May 2024
Modified
23 December 2025
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 29.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-35821 is a medium-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Linux Linux Kernel. Its CVSS base score is 5.5 (Medium).

Operationally, ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to…

more

have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
2.6.27 — 4.19.312 · 4.20 — 5.4.274 · 5.5 — 5.10.215
debian
debian linux
10.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-772

Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.

References