What is CVE-2024-35839?

CVE-2024-35839 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-35839 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-35839?

CVE-2024-35839 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-35839?

No patch is currently available for CVE-2024-35839. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-35839 actively exploited?

CVE-2024-35839 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-35839

Medium

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb.

Package Linux Kernel

Published 2024-05-17

Last modified 2025-09-24

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-35839 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-35839

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-17

Modified 2025-09-24

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-35839?

CVE-2024-35839 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-35839 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-35839?

CVE-2024-35839 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-35839?

No patch is currently available for CVE-2024-35839. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-35839 actively exploited?

No — CVE-2024-35839 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.