0.0
NA
CVE-2024-35802
Here's a possible title: Apache Server Cross-Site Scripting
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

May 17, 2024, 2:15 p.m.

Last Modified :

May 28, 2024, 7:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2024-35802 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-35802 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-35802 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
    Removed Translation Title: kernel de Linux Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/sev: corregidas las referencias de variables dependientes de la posición en el código de inicio. El código de inicio temprano se ejecuta desde una asignación de memoria 1:1, que difiere de la asignación a la que se vinculó el código y/. o reubicado para correr. Esta última asignación aún no está activa en este momento, por lo que las referencias de símbolos que dependen de ella fallarán. Dado que el kernel principal está construido sin -fPIC, las referencias a símbolos generalmente se emiten como absolutas, por lo que cualquier referencia de este tipo que ocurra en el código de inicio temprano bloqueará el kernel. Si bien se intentó solucionar este problema en el código de inicio inicial de SEV/SME, forzando el direccionamiento relativo a RIP para ciertas variables globales de SEV/SME mediante un ensamblaje en línea (consulte snp_cpuid_get_table(), por ejemplo), el direccionamiento relativo a RIP debe ser omnipresente. aplicado para las variables globales SEV/SME cuando se accede a ellas antes de las correcciones de la tabla de páginas. __startup_64() ya maneja este problema para variables globales seleccionadas que no son SEV/SME usando fixup_pointer(), que ajusta el puntero en relación con un argumento `physaddr`. Para evitar tener que pasar este argumento `physaddr` entre todas las funciones que necesitan aplicar correcciones de puntero, introduzca una macro RIP_RELATIVE_REF() que genera una referencia relativa a RIP a una variable global determinada. Se utiliza cuando es necesario para forzar accesos relativos a RIP a variables globales. Para fines de backport, este parche no intenta limpiar otras apariciones de este patrón, que involucran inline asm o fixup_pointer(). Estos se abordarán más adelante. [bp: llámelo "rip_rel_ref" en todas partes, como otros códigos acortan la "referencia relativa a rIP" y hacen que el contenedor ASM sea __always_inline. ]
  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
    Changed Description In the Linux kernel, the following vulnerability has been resolved: x86/sev: Fix position dependent variable references in startup code The early startup code executes from a 1:1 mapping of memory, which differs from the mapping that the code was linked and/or relocated to run at. The latter mapping is not active yet at this point, and so symbol references that rely on it will fault. Given that the core kernel is built without -fPIC, symbol references are typically emitted as absolute, and so any such references occuring in the early startup code will therefore crash the kernel. While an attempt was made to work around this for the early SEV/SME startup code, by forcing RIP-relative addressing for certain global SEV/SME variables via inline assembly (see snp_cpuid_get_table() for example), RIP-relative addressing must be pervasively enforced for SEV/SME global variables when accessed prior to page table fixups. __startup_64() already handles this issue for select non-SEV/SME global variables using fixup_pointer(), which adjusts the pointer relative to a `physaddr` argument. To avoid having to pass around this `physaddr` argument across all functions needing to apply pointer fixups, introduce a macro RIP_RELATIVE_REF() which generates a RIP-relative reference to a given global variable. It is used where necessary to force RIP-relative accesses to global variables. For backporting purposes, this patch makes no attempt at cleaning up other occurrences of this pattern, involving either inline asm or fixup_pointer(). Those will be addressed later. [ bp: Call it "rip_rel_ref" everywhere like other code shortens "rIP-relative reference" and make the asm wrapper __always_inline. ] Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90
    Removed Reference kernel.org https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535
    Removed Reference kernel.org https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9
    Removed Reference kernel.org https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07
    Removed Reference kernel.org https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 17, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: x86/sev: Fix position dependent variable references in startup code The early startup code executes from a 1:1 mapping of memory, which differs from the mapping that the code was linked and/or relocated to run at. The latter mapping is not active yet at this point, and so symbol references that rely on it will fault. Given that the core kernel is built without -fPIC, symbol references are typically emitted as absolute, and so any such references occuring in the early startup code will therefore crash the kernel. While an attempt was made to work around this for the early SEV/SME startup code, by forcing RIP-relative addressing for certain global SEV/SME variables via inline assembly (see snp_cpuid_get_table() for example), RIP-relative addressing must be pervasively enforced for SEV/SME global variables when accessed prior to page table fixups. __startup_64() already handles this issue for select non-SEV/SME global variables using fixup_pointer(), which adjusts the pointer relative to a `physaddr` argument. To avoid having to pass around this `physaddr` argument across all functions needing to apply pointer fixups, introduce a macro RIP_RELATIVE_REF() which generates a RIP-relative reference to a given global variable. It is used where necessary to force RIP-relative accesses to global variables. For backporting purposes, this patch makes no attempt at cleaning up other occurrences of this pattern, involving either inline asm or fixup_pointer(). Those will be addressed later. [ bp: Call it "rip_rel_ref" everywhere like other code shortens "rIP-relative reference" and make the asm wrapper __always_inline. ]
    Added Reference kernel.org https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-35802 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-35802 weaknesses.

NONE - Vulnerability Scoring System
: