PT-2024-8379 · Linux+5 · Linux Kernel+5

Matthew Wilcox +3 · Published 2024-02-25 · Updated 2025-03-28 · CVE-2024-35821

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the ubifs component of the Linux kernel, where page cache reads are lockless. This allows a simultaneous reader to see old data if the freshly allocated page is set uptodate before the new data is copied into it. The vulnerability can be exploited to cause a denial of service. The SetPageUptodate() call has been moved to ubifs_write_end(), after the new data has been copied into the page, to resolve the issue. The functions write_begin_slow(), ubifs_write_begin(), and ubifs_write_end() in fs/ubifs/file.c are involved in the vulnerability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Release of Resource after Effective Lifetime

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2024-09938
CVE-2024-35821
DLA-3840-1
DLA-3842-1
OESA-2024-1736
OESA-2024-1738
OESA-2024-1796
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu