CVE-2024-35800 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.31.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z
kernel-0:5.14.0-427.31.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210
https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531
https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff
https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde
https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4
https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35800
https://www.cve.org/CVERecord?id=CVE-2024-35800

History

Wed, 06 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T13:23:10.170Z

Updated: 2025-05-04T09:05:42.183Z

Reserved: 2024-05-17T12:19:12.341Z

Link: CVE-2024-35800

Vulnrichment

Updated: 2024-08-02T03:21:47.638Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:12.623

Modified: 2024-11-21T09:20:55.583

Link: CVE-2024-35800

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35800 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35800", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.341Z", "datePublished": "2024-05-17T13:23:10.170Z", "dateUpdated": "2025-05-04T09:05:42.183Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:05:42.183Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "a8901f331b8b7f95a7315d033a22bc84c8365f35", "lessThan": "b9d103aca85f082a343b222493f3cab1219aaaf4", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f8e9e628abd1811d2899b1735a4e1", "lessThan": "9114ba9987506bcfbb454f6e68558d68cb1abbde", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f8e9e628abd1811d2899b1735a4e1", "lessThan": "7784135f134c13af17d9ffb39a57db8500bc60ff", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f8e9e628abd1811d2899b1735a4e1", "lessThan": "090d2b4515ade379cd592fbc8931344945978210", "status": "affected", "versionType": "git"}, {"version": "bad267f9e18f8e9e628abd1811d2899b1735a4e1", "lessThan": "62b71cd73d41ddac6b1760402bbe8c4932e23531", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.81", "versionEndExcluding": "6.1.84"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}], "title": "efi: fix panic in kdump kernel", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:54:03.513845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:42.333Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.638Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.638Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:54:03.513845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T15:54:07.412Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "efi: fix panic in kdump kernel", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a8901f331b8b", "lessThan": "b9d103aca85f", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "9114ba998750", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "7784135f134c", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "090d2b4515ad", "versionType": "git"}, {"status": "affected", "version": "bad267f9e18f", "lessThan": "62b71cd73d41", "versionType": "git"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}, {"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:22:36.017Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35800", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:22:36.017Z", "dateReserved": "2024-05-17T12:19:12.341Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:23:10.170Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: arreglado el p\u00e1nico en el kernel kdump. Compruebe si get_next_variable() es realmente un puntero v\u00e1lido antes de llamarlo. En el kernel kdump, este m\u00e9todo est\u00e1 configurado en NULL, lo que provoca p\u00e1nico durante el arranque del kernel kexec-ed. Probado con firmware QEMU y OVMF."}], "id": "CVE-2024-35800", "lastModified": "2024-11-21T09:20:55.583", "metrics": {}, "published": "2024-05-17T14:15:12.623", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}], "bugzilla": {"description": "kernel: efi: fix panic in kdump kernel", "id": "2281237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281237"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefi: fix panic in kdump kernel\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\nTested with QEMU and OVMF firmware."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35800", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35800\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35800\nhttps://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T"], "threat_severity": "Moderate"}