0.0
NA
CVE-2024-35876
CVE-2022-3634 - Apache Solr Unchecked Exception Handling Vulnerability
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

May 19, 2024, 9:15 a.m.

Last Modified :

May 23, 2024, 2:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by the CVE-2024-35876 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel


The following table lists the changes that have been made to the CVE-2024-35876 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
    Changed Description
    Old Value: In the Linux kernel, the following vulnerability has been resolved:

    x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

    Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over

    /sys/devices/system/machinecheck/
    ├── machinecheck0
    │   ├── bank0
    │   ├── bank1
    │   ├── bank10
    │   ├── bank11
    ...

    sysfs nodes by writing the new bit mask of events to enable.

    When the write is accepted, the kernel deletes all current timers and reinits all banks.

    Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already:

    ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642
    WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514

    Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does.

    Reported by: Yue Sun
    Reported by: xingwei lee

    New Value: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93
    Removed Reference kernel.org https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758
    Removed Reference kernel.org https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf
    Removed Reference kernel.org https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2
    Removed Reference kernel.org https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0
    Removed Reference kernel.org https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b
    Removed Reference kernel.org https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5
  • CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
    Removed Translation
    Title: Linux kernel
    Description: In the Linux kernel, the following vulnerability was resolved:

    x86/mce: Make sure to take mce_sysfs_mutex in set_bank()

    Modifying the MCA_CTL bits of an MCA bank, which control which error types will be reported, is done through the

    /sys/devices/system/machinecheck/
    ├── machinecheck0
    │   ├── bank0
    │   ├── bank1
    │   ├── bank10
    │   ├── bank11
    ...

    sysfs nodes by writing the new bit mask of events to enable.

    When the write is accepted, the kernel deletes all current timers and reinitializes all banks.

    Doing that in parallel can lead to initializing a timer that is already armed and in the timer wheel, i.e., already in use:

    ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642
    WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514

    Fix that by taking the sysfs mutex as the rest of the MCA sysfs code does.

    Reported by: Yue Sun
    Reported by: xingwei lee
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 19, 2024

    Action Type Old Value New Value
    Added Description
    In the Linux kernel, the following vulnerability has been resolved:

    x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

    Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over

    /sys/devices/system/machinecheck/
    ├── machinecheck0
    │   ├── bank0
    │   ├── bank1
    │   ├── bank10
    │   ├── bank11
    ...

    sysfs nodes by writing the new bit mask of events to enable.

    When the write is accepted, the kernel deletes all current timers and reinits all banks.

    Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already:

    ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642
    WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514

    Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does.

    Reported by: Yue Sun
    Reported by: xingwei lee
    Added Reference kernel.org https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5 [No types assigned]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-35876 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-35876 weaknesses.

NONE - Vulnerability Scoring System