CVE-2024-35821

{"id": "CVE-2024-35821", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-17T14:15:17.373", "references": [{"url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we've overwritten it with the data it's supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: establece la actualizaci\u00f3n de la p\u00e1gina en el lugar correcto. Las lecturas de la cach\u00e9 de la p\u00e1gina no tienen bloqueo, por lo que configurar la actualizaci\u00f3n de la p\u00e1gina reci\u00e9n asignada antes de que la sobrescribamos con los datos que se supone que debe contener lo har\u00e1. permitir que un lector simult\u00e1neo vea datos antiguos. Mueva la llamada a SetPageUptodate a ubifs_write_end(), que es despu\u00e9s de que copiamos los nuevos datos en la p\u00e1gina."}], "lastModified": "2024-07-03T02:02:14.487", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}