FKIE_CVE-2024-35830

Vulnerability from fkie_nvd - Published: 2024-05-17 14:15 - Updated: 2025-12-17 19:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlThird Party Advisory
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
debian debian_linux 10.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2DDC35-14DC-41CD-8D55-C4E09FDF7984",
              "versionEndExcluding": "4.19.311",
              "versionStartIncluding": "4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55",
              "versionEndExcluding": "5.4.273",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8",
              "versionEndExcluding": "5.10.214",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B",
              "versionEndExcluding": "5.15.153",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19",
              "versionEndExcluding": "6.1.83",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68",
              "versionEndExcluding": "6.6.23",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD",
              "versionEndExcluding": "6.7.11",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1",
              "versionEndExcluding": "6.8.2",
              "versionStartIncluding": "6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tc358743: register v4l2 async device only after successful setup\n\nEnsure the device has been setup correctly before registering the v4l2\nasync device, thus allowing userspace to access."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: tc358743: registre el dispositivo as\u00edncrono v4l2 solo despu\u00e9s de una configuraci\u00f3n exitosa Aseg\u00farese de que el dispositivo se haya configurado correctamente antes de registrar el dispositivo as\u00edncrono v4l2, permitiendo as\u00ed el acceso al espacio de usuario."
    }
  ],
  "id": "CVE-2024-35830",
  "lastModified": "2025-12-17T19:23:18.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-17T14:15:19.330",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.