{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35813", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.343Z", "datePublished": "2024-05-17T13:23:18.902Z", "dateUpdated": "2025-05-04T09:05:57.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:05:57.228Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/core/block.c"], "versions": [{"version": "f49f9e802785291149bdc9c824414de4604226b4", "lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68", "status": "affected", "versionType": "git"}, {"version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20", "lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6", "status": "affected", "versionType": "git"}, {"version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec", "lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28", "status": "affected", "versionType": "git"}, {"version": "c4edcd134bb72b3b0acc884612d624e48c9d057f", "lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "status": "affected", "versionType": "git"}, {"version": "1653a8102868264f3488c298a9f20af2add9a288", "lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "status": "affected", "versionType": "git"}, {"version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0", "lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56", "status": "affected", "versionType": "git"}, {"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304", "status": "affected", "versionType": "git"}, {"version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/core/block.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.269", "versionEndExcluding": "5.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.210", "versionEndExcluding": "5.10.215"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.149", "versionEndExcluding": "5.15.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.76", "versionEndExcluding": "6.1.84"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.15", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.3", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}], "title": "mmc: core: Avoid negative index with array access", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:23.725113Z", "id": "CVE-2024-35813", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:43:26.196Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.575Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.575Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:23.725113Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:24.723Z"}}], "cna": {"title": "mmc: core: Avoid negative index with array access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f49f9e802785291149bdc9c824414de4604226b4", "lessThan": "b9a7339ae403035ffe7fc37cb034b36947910f68", "versionType": "git"}, {"status": "affected", "version": "59020bf0999ff7da8aedcd00ef8f0d75d93b6d20", "lessThan": "2b539c88940e22494da80a93ee1c5a28bbad10f6", "versionType": "git"}, {"status": "affected", "version": "50b8b7a22e90bab9f1949b64a88ff17ab10913ec", "lessThan": "81b8645feca08a54c7c4bf36e7b176f4983b2f28", "versionType": "git"}, {"status": "affected", "version": "c4edcd134bb72b3b0acc884612d624e48c9d057f", "lessThan": "ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", "versionType": "git"}, {"status": "affected", "version": "1653a8102868264f3488c298a9f20af2add9a288", "lessThan": "4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", "versionType": "git"}, {"status": "affected", "version": "eed9119f8f8e8fbf225c08abdbb58597fba807e0", "lessThan": "064db53f9023a2d5877a2d12de6bc27995f6ca56", "versionType": "git"}, {"status": "affected", "version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "7d0e8a6147550aa058fa6ade8583ad252aa61304", "versionType": "git"}, {"status": "affected", "version": "4d0c8d0aef6355660b6775d57ccd5d4ea2e15802", "lessThan": "cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", "versionType": "git"}], "programFiles": ["drivers/mmc/core/block.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.274", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.154", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mmc/core/block.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:55:38.274Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35813", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:55:38.274Z", "dateReserved": "2024-05-17T12:19:12.343Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:23:18.902Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "112F11AD-F7FB-4E81-AFE1-089E73396EAD", "versionEndExcluding": "5.4.274", "versionStartIncluding": "5.4.269", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAE5B705-A8D9-4689-86EC-63DF4415710C", "versionEndExcluding": "5.10.215", "versionStartIncluding": "5.10.210", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D3A097-5A42-40BD-97E1-AC833DFC0A5D", "versionEndExcluding": "5.15.154", "versionStartIncluding": "5.15.149", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD44EBC4-CA19-40E3-A232-56572BE62FDE", "versionEndExcluding": "6.1.84", "versionStartIncluding": "6.1.76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5D1D15E-619C-4180-9139-9B7A775737F4", "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.6.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65E462C-6FAB-47C7-9B2E-5891AAD31001", "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02", "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: core: evitar \u00edndice negativo con acceso a matriz Commit 4d0c8d0aef63 (\"mmc: core: usar mrq.sbc en ffu cerrado\") asigna prev_idata = idatas[i - 1] , pero no comprueba que el iterador i sea mayor que cero. Arreglemos esto agregando una comprobaci\u00f3n."}], "id": "CVE-2024-35813", "lastModified": "2025-12-15T20:57:52.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T14:15:15.617", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mmc: core: Avoid negative index with array access", "id": "2281209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281209"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmmc: core: Avoid negative index with array access\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check.", "A vulnerability was found in the Linux kernel's MMC core subsystem. This issue involves improper handling of array indexing, which could lead to accessing array elements using negative indices, resulting in out-of-bounds memory access, system instability, or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35813", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35813\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35813\nhttps://lore.kernel.org/linux-cve-announce/2024051742-CVE-2024-35813-bdc9@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{"created": "2025-07-12T16:01:30.833775+00:00", "updated": "2025-07-12T16:01:30.833838+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}