CVE-2024-35924

usb: typec: ucsi: Limit read size on v1.2

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2.

N/A
CVSS
Severity:
EPSS 0.12%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527

Frequently Asked Questions

What is the severity of CVE-2024-35924?
CVE-2024-35924 has not yet been assigned a CVSS score.
How to fix CVE-2024-35924?
To fix CVE-2024-35924, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35924 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35924 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35924?
CVE-2024-35924 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.