CVE-2024-35947

dyndbg: fix old BUG_ON in >control parser

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't
really look), lets make sure by removing it, doing pr_err and return
-EINVAL instead.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dyndbg: corrige el antiguo BUG_ON en >control parser. Corrige un BUG_ON de 2009. Incluso si parece "unreachable" (realmente no lo miré), asegurémonos eliminándolo. haciendo pr_err y devuelve -EINVAL en su lugar.

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.

Benedict SchlÃ¼ter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-19 CVE Published
2025-01-16 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38	2024-05-17
https://git.kernel.org/stable/c/343081c21e56bd6690d342e2f5ae8c00183bf081	2024-05-17
https://git.kernel.org/stable/c/41d8ac238ab1cab01a8c71798d61903304f4e79b	2024-05-17
https://git.kernel.org/stable/c/ba3c118cff7bcb0fe6aa84ae1f9080d50e31c561	2024-05-17
https://git.kernel.org/stable/c/a66c869b17c4c4dcf81d273b02cb0efe88e127ab	2024-05-17
https://git.kernel.org/stable/c/a69e1bdd777ce51061111dc419801e8a2fd241cc	2024-05-17
https://git.kernel.org/stable/c/529e1852785599160415e964ca322ee7add7aef0	2024-05-17
https://git.kernel.org/stable/c/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c	2024-04-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35947	2025-03-05
https://bugzilla.redhat.com/show_bug.cgi?id=2281510	2025-03-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.314 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.314"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.276 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.217"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected