PT-2024-9801 · Linux+6 · Linux Kernel+6

Dan Carpenter

Published

2024-03-04

Updated

2025-09-29

CVE-2024-35827

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to an integer underflow in the io recvmsg mshot prep() function. The controllen variable is of type size t (unsigned long), and casting it to int could lead to an integer underflow. The check add overflow() function considers the type of the destination, which is int. If two positive values are added and the result cannot fit in an integer, it is counted as an overflow. However, if controllen is cast to int and turns negative, negative values can fit into an int type, so there is no overflow. This could potentially allow an attacker to execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Underflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-190

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2024-11575

CVE-2024-35827

INFSA-2024_9315

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-9801 · Linux+6 · Linux Kernel+6

CVE-2024-35827

Weakness Enumeration

Related Identifiers

Affected Products

References · 2166