VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6rjy-549b-h7hy

Essentials
Severities (7)
References (14)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6rjy-549b-h7hy
Aliases	CVE-2024-35808
Summary	In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread() directly Currently md_reap_sync_thread() is called from raid_message() directly without holding 'reconfig_mutex', this is definitely unsafe because md_reap_sync_thread() can change many fields that is protected by 'reconfig_mutex'. However, hold 'reconfig_mutex' here is still problematic because this will cause deadlock, for example, commit 130443d60b1b ("md: refactor idle/frozen_sync_thread() to fix deadlock"). Fix this problem by using stop_sync_thread() to unregister sync_thread, like md/raid did.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35808.json
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2024-35808
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2024-35808
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc
ssvc	Track	https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669
ssvc	Track	https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35808.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-35808
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35808
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2281219		https://bugzilla.redhat.com/show_bug.cgi?id=2281219
347dcdc15a1706f61aa545ae498ededdf31aeebc		https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc
9e59b8d76ff511505eb0dd1478329f09e0f04669		https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669
cd32b27a66db8776d8b8e82ec7d7dde97a8693b0		https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0
RHSA-2024:9315		https://access.redhat.com/errata/RHSA-2024:9315
USN-6816-1		https://usn.ubuntu.com/6816-1/
USN-6817-1		https://usn.ubuntu.com/6817-1/
USN-6817-2		https://usn.ubuntu.com/6817-2/
USN-6817-3		https://usn.ubuntu.com/6817-3/
USN-6878-1		https://usn.ubuntu.com/6878-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35808.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T14:17:42Z/ Found at https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T14:17:42Z/ Found at https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T14:17:42Z/ Found at https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0

Exploit Prediction Scoring System (EPSS)

Percentile	0.00734
EPSS Score	8e-05
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:50:23.906068+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0