Cyber Resilience

CVE-2024-35823

Medium · Updated

Published: 17 May 2024

Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0027 (50.4th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-35823 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in the Linux kernel. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 49.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

vt: fix unicode buffer corruption when deleting characters

This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same, i.e. replace memcpy() with memmove() due to the overlapping buffers.
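The memcpy()-to-memmove() fix described above, shown as an added user-space C example. It is not the kernel's code; the function names, the row layout (one array of 32-bit code points per console row) and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model of one console row of 32-bit code points. */

/* Deleting nr cells at column x copies the tail [x+nr, cols) down to x.
 * Source and destination overlap whenever that tail is longer than nr,
 * which violates memcpy()'s no-overlap requirement. */
static int delete_ranges_overlap(size_t cols, size_t x, size_t nr)
{
    if (x >= cols || nr >= cols - x)
        return 0;               /* nothing is moved */
    return (cols - x - nr) > nr;
}

/* Delete nr cells at column x, shift the rest left, blank the freed cells.
 * Returns the number of cells actually deleted (clamped to the row). */
static size_t row_delete_chars(uint32_t *row, size_t cols, size_t x, size_t nr)
{
    if (x >= cols)
        return 0;
    if (nr > cols - x)
        nr = cols - x;          /* clamp so the length cannot underflow */
    /* memmove() is defined for overlapping regions; memcpy() is not. */
    memmove(&row[x], &row[x + nr], (cols - x - nr) * sizeof(*row));
    for (size_t i = cols - nr; i < cols; i++)
        row[i] = ' ';
    return nr;
}

/* Constructed sample: delete 2 cells at column 1 of "ABCDEFGH". */
static int demo_row_matches(void)
{
    uint32_t row[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
    const uint32_t want[8] = { 'A', 'D', 'E', 'F', 'G', 'H', ' ', ' ' };
    row_delete_chars(row, 8, 1, 2);
    return memcmp(row, want, sizeof(row)) == 0;
}

int main(void)
{
    return demo_row_matches() ? 0 : 1;
}
```

The overlap helper shows why the defect is easy to miss in testing: deleting near the end of a row moves a tail no longer than the deleted span, so the two regions do not overlap and memcpy() happens to behave.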

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
6.8 · 3.7 — 4.19.312 · 4.20 — 5.4.274 · 5.5 — 5.10.215
debian
debian linux
10.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References