What is CVE-2024-35787?

CVE-2024-35787 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-35787 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-35787?

CVE-2024-35787 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-35787?

No patch is currently available for CVE-2024-35787. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-35787 actively exploited?

CVE-2024-35787 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-35787

Medium

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. current code never set slot offset for cluster nodes, will sometimes cause crash in clustered env. Call trace (partly): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6b0/0x1c08 [raid1] md_handle_request+0x1dc/0x368 [md_mod] md_submit_bio+0x80/0xf8 [md_mod] __submit_bio+0x178/0x300 submit_bio_noacct_nocheck+0x11c/0x338 submit_bio_noacct+0x134/0x614 submit_bio+0x28/0xdc submit_bh_wbc+0x130/0x1cc submit_bh+0x1c/0x28

Package Linux Kernel

Published 2024-05-17

Last modified 2025-09-26

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-35787 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240
Patch
Kernel patch commit
https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-35787

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-17

Modified 2025-09-26

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-35787?

CVE-2024-35787 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-35787 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-35787?

CVE-2024-35787 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-35787?

No patch is currently available for CVE-2024-35787. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-35787 actively exploited?

No — CVE-2024-35787 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.