What is CVE-2024-35974?

CVE-2024-35974 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-35974 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-35974?

CVE-2024-35974 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-35974?

No patch is currently available for CVE-2024-35974. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-35974 actively exploited?

CVE-2024-35974 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-35974

Medium

In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().

Package Linux Kernel

Published 2024-05-20

Last modified 2025-12-23

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-35974 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/083b58373463a6e5ee60ecb135269348f68ad7df
Patch
Kernel patch commit
https://git.kernel.org/stable/c/740ffad95ca8033bd6e080ed337655b13b4d38ac
Patch
Kernel patch commit
https://git.kernel.org/stable/c/858c489d81d659af17a4d11cfaad2afb42e47a76
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2024-35974

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-20

Modified 2025-12-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-35974?

CVE-2024-35974 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-35974 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-35974?

CVE-2024-35974 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-35974?

No patch is currently available for CVE-2024-35974. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-35974 actively exploited?

No — CVE-2024-35974 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.