VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-73ef-4zfx-b3af

Essentials
Severities (7)
References (27)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-73ef-4zfx-b3af
Aliases	CVE-2024-35904
Summary	In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35904.json
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-35904
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2024-35904
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b
ssvc	Track	https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e
ssvc	Track	https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35904.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-35904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35904
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2281655		https://bugzilla.redhat.com/show_bug.cgi?id=2281655
37801a36b4d68892ce807264f784d818f8d0d39b		https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b
477ed6789eb9f3f4d3568bb977f90c863c12724e		https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e
68784a5d01b8868ff85a7926676b6729715fff3c		https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c
RHSA-2024:9315		https://access.redhat.com/errata/RHSA-2024:9315
USN-6893-1		https://usn.ubuntu.com/6893-1/
USN-6893-2		https://usn.ubuntu.com/6893-2/
USN-6893-3		https://usn.ubuntu.com/6893-3/
USN-6918-1		https://usn.ubuntu.com/6918-1/
USN-7159-1		https://usn.ubuntu.com/7159-1/
USN-7159-2		https://usn.ubuntu.com/7159-2/
USN-7159-3		https://usn.ubuntu.com/7159-3/
USN-7159-4		https://usn.ubuntu.com/7159-4/
USN-7159-5		https://usn.ubuntu.com/7159-5/
USN-7166-1		https://usn.ubuntu.com/7166-1/
USN-7166-2		https://usn.ubuntu.com/7166-2/
USN-7166-3		https://usn.ubuntu.com/7166-3/
USN-7166-4		https://usn.ubuntu.com/7166-4/
USN-7186-1		https://usn.ubuntu.com/7186-1/
USN-7186-2		https://usn.ubuntu.com/7186-2/
USN-7194-1		https://usn.ubuntu.com/7194-1/
USN-7195-1		https://usn.ubuntu.com/7195-1/
USN-7195-2		https://usn.ubuntu.com/7195-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35904.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:08:38Z/ Found at https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:08:38Z/ Found at https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:08:38Z/ Found at https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c

Exploit Prediction Scoring System (EPSS)

Percentile	0.08584
EPSS Score	0.00028
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:50:30.866031+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0