Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bk5m-3sd5-hqce
Vulnerability ID VCID-bk5m-3sd5-hqce
Aliases CVE-2024-35924
Summary In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35924.json
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2024-35924
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2024-35924
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2024-35924
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
ssvc Track https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
ssvc Track https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35924.json
https://api.first.org/data/v1/epss?cve=CVE-2024-35924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0defcaa09d3b21e8387829ee3a652c43fa91e13f https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
2281758 https://bugzilla.redhat.com/show_bug.cgi?id=2281758
266f403ec47573046dee4bcebda82777ce702c40 https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
b3db266fb031fba88c423d4bb8983a73a3db6527 https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527
RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315
RHSA-2025:10701 https://access.redhat.com/errata/RHSA-2025:10701
USN-6893-1 https://usn.ubuntu.com/6893-1/
USN-6893-2 https://usn.ubuntu.com/6893-2/
USN-6893-3 https://usn.ubuntu.com/6893-3/
USN-6918-1 https://usn.ubuntu.com/6918-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35924.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T15:11:13Z/ Found at https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T15:11:13Z/ Found at https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T15:11:13Z/ Found at https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527
Exploit Prediction Scoring System (EPSS)
Percentile 0.0544
EPSS Score 0.00019
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:50:32.085215+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0