Vulnerability in Linux

CVE-2024-35815

In the Linux kernel, the following vulnerability has been resolved:

fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct…

EPSS: 0.002 (15.8th percentile).

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • Linux — versions 337b543e274fe7a8f47df3c8293cc6686ffa620f, b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942, ea1cd64d59f22d6d13f367d62ec6e27b9344695f
  • Linux Linux_kernel — versions 6.8
  • Debian Debian_linux — versions 10.0

Frequently asked questions

What is CVE-2024-35815?
CVE-2024-35815 is a medium-severity vulnerability in Linux. CVSS score: 5.5/10. Published 2024-05-17.

How severe is CVE-2024-35815?
Medium severity. CVSS v3 base score is 5.5 out of 10.