Details of VAR-202405-3630

ID

VAR-202405-3630

CVE

CVE-2024-35955

TITLE

Linux of Linux Kernel Vulnerability related to use of freed memory in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2024-021559

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Linux of Linux Kernel Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server

Trust: 2.16

sources: NVD: CVE-2024-35955 // JVNDB: JVNDB-2024-021559 // CNVD: CNVD-2025-19346

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19346

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	eq	version:	6.9	Trust: 1.8
vendor:	linux	model:	kernel	scope:	lt	version:	4.15	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.19	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.14.291	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.4.211	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.19.256	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.15.61	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.10.216	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.4.275	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.10.137	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.1.87	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.15.157	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.18.18	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.6.28	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.19.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.313	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.8.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.7	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.2 that's all 6.6.28	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.7 that's all 6.8.7	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.19.256 that's all 4.19.313	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.15.61 that's all 5.15.157	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.18.18 that's all 5.19	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.10.137 that's all 5.10.216	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.4.211 that's all 5.4.275	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.19.2 that's all 6.1.87	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.14.291 that's all 4.15	Trust: 0.8
vendor:	siemens	model:	ruggedcom rst2428p	scope:	lt	version:	v3.1	Trust: 0.6
vendor:	siemens	model:	scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 family	scope:	lt	version:	v3.1	Trust: 0.6
vendor:	siemens	model:	scalance xcm-/xrm-/xch-/xrh-300 family	scope:	lt	version:	v3.1	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-021559 // NVD: CVE-2024-35955

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-35955
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-021559
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-19346
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19346
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-35955
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-021559
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-021559 // NVD: CVE-2024-35955

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-021559 // NVD: CVE-2024-35955

PATCH

title:	Linux Kernel Archives	url:	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Trust: 0.8
title:	Patch for Multiple vulnerabilities in Siemens SINEC OS third-party components	url:	https://www.cnvd.org.cn/patchInfo/show/723071	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-021559

EXTERNAL IDS

db:	NVD	id:	CVE-2024-35955	Trust: 2.6
db:	SIEMENS	id:	SSA-613116	Trust: 1.6
db:	SIEMENS	id:	SSA-265688	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-021559	Trust: 0.8
db:	CNVD	id:	CNVD-2025-19346	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-021559 // NVD: CVE-2024-35955

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-613116.html	Trust: 1.6
url:	https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808	Trust: 1.0
url:	https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0	Trust: 1.0
url:	https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-265688.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412	Trust: 1.0
url:	https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8	Trust: 1.0
url:	https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33	Trust: 1.0
url:	https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-35955	Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-021559 // NVD: CVE-2024-35955

SOURCES

db:	CNVD	id:	CNVD-2025-19346
db:	JVNDB	id:	JVNDB-2024-021559
db:	NVD	id:	CVE-2024-35955

LAST UPDATE DATE

2026-06-18T18:22:39.372000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19346	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2024-021559	date:	2025-04-07T09:16:00
db:	NVD	id:	CVE-2024-35955	date:	2026-05-12T12:16:43.133

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19346	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-021559	date:	2025-04-07T00:00:00
db:	NVD	id:	CVE-2024-35955	date:	2024-05-20T10:15:10.850