CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
The Linux kernel CVE team has assigned CVE-2024-35835 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051730-CVE-2024-35835-d75f@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
When in allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.
— NVD
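The ownership mistake described above, modelled in user space as an added example; it is not the kernel source or the upstream patch. The function names are simplified stand-ins, the tracking allocator counts a second free instead of performing it, and clearing the pointer after the callee frees it is one way to keep the caller's teardown safe, assumed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; names are simplified stand-ins for the kernel functions. */
struct flow_table { void **g; };
/* Tracking allocator: a second free is counted, never actually performed. */
static void *g_block;
static int g_freed, double_frees;

static void *model_alloc(size_t n) { g_freed = 0; return g_block = calloc(1, n); }
static void model_free(void *p)
{
    if (!p) return;                          /* like kfree(NULL): no-op */
    if (g_freed) { double_frees++; return; } /* same block released twice */
    g_freed = 1;                             /* real free deferred to model_reset() */
}
static void model_reset(void) { free(g_block); g_block = NULL; g_freed = double_frees = 0; }

/* Callee: allocates ft->g, then a second buffer whose allocation may fail. */
static int create_groups(struct flow_table *ft, int in_alloc_fails, int hardened)
{
    ft->g = model_alloc(4 * sizeof(*ft->g));
    if (!ft->g) return -1;
    if (in_alloc_fails) {
        model_free(ft->g);           /* callee frees on its own error path */
        if (hardened) ft->g = NULL;  /* hardened: leave no stale pointer behind */
        return -1;
    }
    return 0;
}

/* Caller's teardown, which also releases ft->g. */
static void destroy_flow_table(struct flow_table *ft) { model_free(ft->g); ft->g = NULL; }

/* Caller: always runs the teardown; returns the number of double frees recorded. */
static int create_table(int in_alloc_fails, int hardened)
{
    struct flow_table ft = { 0 };
    model_reset();
    create_groups(&ft, in_alloc_fails, hardened);
    destroy_flow_table(&ft);
    return double_frees;
}

int main(void)
{
    printf("buggy error path:    %d double free(s)\n", create_table(1, 0));
    printf("hardened error path: %d double free(s)\n", create_table(1, 1));
    return 0;
}
```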
Frequently Asked Questions
What is the severity of CVE-2024-35835?
CVE-2024-35835 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-35835?
To fix CVE-2024-35835, update to kernel versions 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, or 6.8 depending on your distribution.
What systems are affected by CVE-2024-35835?
CVE-2024-35835 affects various systems using specific versions of the Linux kernel, particularly distributions from Red Hat and Debian.
What components are involved in CVE-2024-35835?
CVE-2024-35835 involves a vulnerability in the net/mlx5e component, specifically due to a double-free error during arfs_create_groups.
Are there known exploits for CVE-2024-35835?
As of now, there are no publicly known exploits specifically targeting CVE-2024-35835.