CVE-2024-35800

Summary

In the Linux kernel, the following vulnerability has been resolved:

efi: fix panic in kdump kernel

Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot.

Tested with QEMU and OVMF firmware.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa8901f331b8b7f95a7315d033a22bc84c8365f35 < b9d103aca85f082a343b222493f3cab1219aaaf4affected
LinuxLinuxbad267f9e18f8e9e628abd1811d2899b1735a4e1 < 9114ba9987506bcfbb454f6e68558d68cb1abbdeaffected
LinuxLinuxbad267f9e18f8e9e628abd1811d2899b1735a4e1 < 7784135f134c13af17d9ffb39a57db8500bc60ffaffected
LinuxLinuxbad267f9e18f8e9e628abd1811d2899b1735a4e1 < 090d2b4515ade379cd592fbc8931344945978210affected
LinuxLinuxbad267f9e18f8e9e628abd1811d2899b1735a4e1 < 62b71cd73d41ddac6b1760402bbe8c4932e23531affected
LinuxLinux6.1.81 < 6.1.84affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.1.84 <= 6.1.*unaffected
LinuxLinux6.6.24 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References