CVE-2024-35813

mmc: core: Avoid negative index with array access

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_idata = idatas[i - 1], but doesn't check that the iterator i is greater than zero. Let's fix this by adding a check.

N/A
CVSS
Severity:
EPSS 0.27%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68
https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6
https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28
https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55
https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2
https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56
https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304
https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Frequently Asked Questions

What is the severity of CVE-2024-35813?
CVE-2024-35813 has not yet been assigned a CVSS score.
How to fix CVE-2024-35813?
To fix CVE-2024-35813, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35813 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35813 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35813?
CVE-2024-35813 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.