[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-35839":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":66,"related":67,"reserved_at":9,"published_at":81,"modified_at":82,"state":83,"summary":84,"references_raw":93,"kevs":112,"epss":113,"epss_history":116,"metrics":370,"affected":376},"CVE-2024-35839","In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh->arp_queue while waiting for an arp\nreply. Where original skb's skb->dev can be different to neigh's\nneigh->dev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh->arp_queue of the bridge.\n\nAs skb->dev can be reset back to nf_bridge->physindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn't cleanup skbs from\ndifferent device's neigh queue) we can crash on e.g. this stack:\n\narp_process\n  neigh_update\n    skb = __skb_dequeue(&neigh->arp_queue)\n      neigh_resolve_output(..., skb)\n        ...\n          br_nf_dev_xmit\n            br_nf_pre_routing_finish_bridge_slow\n              skb->dev = nf_bridge->physindev\n              br_handle_frame_finish\n\nLet's use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don't get it and drop skb.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64],{"_key":23},"SUSE-SU-2025:0289-1",{"_key":25},"SUSE-SU-2025:0117-1",{"_key":27},"SUSE-SU-2025:0153-1",{"_key":29},"SUSE-SU-2025:0154-1",{"_key":31},"SUSE-SU-2025:02334-1",{"_key":33},"SUSE-SU-2025:20165-1",{"_key":35},"SUSE-SU-2025:20166-1",{"_key":37},"SUSE-SU-2025:20248-1",{"_key":39},"SUSE-SU-2025:20249-1",{"_key":41},"DEBIAN-CVE-2024-35839",{"_key":43},"RHSA-2024:5928",{"_key":45},"RHSA-2024:6267",{"_key":47},"RHSA-2024:6268",{"_key":49},"RHSA-2024:8870",{"_key":51},"RHSA-2024:8856",{"_key":53},"UBUNTU-CVE-2024-35839",{"_key":55},"USN-6818-1",{"_key":57},"USN-6818-3",{"_key":59},"USN-6818-4",{"_key":61},"USN-6819-1",{"_key":63},"USN-6819-3",{"_key":65},"USN-6819-4",[],[68,69,71,73,74,75,76,77,78,79,80],{"_key":23},{"_key":70},"USN-6818-2",{"_key":72},"USN-6819-2",{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},"2024-05-17T14:27:30.524Z","2026-05-11T20:12:08.170Z","Analyzed",{"cisa_kev":85,"cisa_ransomware":85,"cisa_vendor":9,"epss_severity":86,"epss_score":87,"severity":88,"severity_score":89,"severity_version":90,"severity_source":91,"severity_vector":92,"severity_status":83},false,"low",0.00015,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[94,100,104,108],{"url":95,"sources":96,"tags":98},"https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",[97,91],"cve.org",[99],"Patch",{"url":101,"sources":102,"tags":103},"https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547",[97,91],[99],{"url":105,"sources":106,"tags":107},"https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",[97,91],[99],{"url":109,"sources":110,"tags":111},"https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86",[97,91],[99],[],{"date":114,"score":87,"percentile":115},"2026-06-03",0.0328,[117,120,123,126,129,132,135,138,140,143,146,149,152,155,158,162,165,168,171,174,177,180,183,186,189,191,194,197,200,203,206,209,212,215,217,220,223,225,228,231,234,237,239,241,244,247,250,253,256,259,262,265,268,271,274,276,279,282,284,287,289,292,294,297,300,303,306,309,312,315,317,319,321,324,326,329,331,333,336,339,342,345,348,350,352,355,358,361,364,367],{"date":118,"score":87,"percentile":119},"2025-11-04",0.02104,{"date":121,"score":87,"percentile":122},"2025-11-05",0.02135,{"date":124,"score":87,"percentile":125},"2025-11-06",0.02158,{"date":127,"score":87,"percentile":128},"2025-11-07",0.02169,{"date":130,"score":87,"percentile":131},"2025-11-08",0.02182,{"date":133,"score":87,"percentile":134},"2025-11-09",0.02181,{"date":136,"score":87,"percentile":137},"2025-11-10",0.02165,{"date":139,"score":87,"percentile":131},"2025-11-11",{"date":141,"score":87,"percentile":142},"2025-11-12",0.02191,{"date":144,"score":87,"percentile":145},"2025-11-13",0.0222,{"date":147,"score":87,"percentile":148},"2025-11-14",0.02232,{"date":150,"score":87,"percentile":151},"2025-11-15",0.02254,{"date":153,"score":87,"percentile":154},"2025-11-16",0.02256,{"date":156,"score":87,"percentile":157},"2025-11-17",0.02241,{"date":159,"score":160,"percentile":161},"2025-11-18",0.00091,0.21977,{"date":163,"score":160,"percentile":164},"2025-11-19",0.21988,{"date":166,"score":160,"percentile":167},"2025-11-20",0.21996,{"date":169,"score":87,"percentile":170},"2025-11-21",0.02309,{"date":172,"score":87,"percentile":173},"2025-11-22",0.0231,{"date":175,"score":87,"percentile":176},"2025-11-23",0.02304,{"date":178,"score":87,"percentile":179},"2025-11-24",0.02291,{"date":181,"score":87,"percentile":182},"2025-11-25",0.02279,{"date":184,"score":87,"percentile":185},"2025-11-26",0.02257,{"date":187,"score":87,"percentile":188},"2025-11-27",0.02253,{"date":190,"score":87,"percentile":188},"2025-11-28",{"date":192,"score":87,"percentile":193},"2025-11-29",0.02301,{"date":195,"score":87,"percentile":196},"2025-11-30",0.02298,{"date":198,"score":87,"percentile":199},"2025-12-01",0.02352,{"date":201,"score":87,"percentile":202},"2025-12-02",0.02346,{"date":204,"score":87,"percentile":205},"2025-12-03",0.02348,{"date":207,"score":87,"percentile":208},"2025-12-04",0.0229,{"date":210,"score":87,"percentile":211},"2025-12-05",0.023,{"date":213,"score":87,"percentile":214},"2025-12-06",0.02306,{"date":216,"score":87,"percentile":170},"2025-12-07",{"date":218,"score":87,"percentile":219},"2025-12-08",0.02305,{"date":221,"score":87,"percentile":222},"2025-12-09",0.02323,{"date":224,"score":87,"percentile":199},"2025-12-10",{"date":226,"score":87,"percentile":227},"2025-12-11",0.0236,{"date":229,"score":87,"percentile":230},"2025-12-12",0.0237,{"date":232,"score":87,"percentile":233},"2025-12-13",0.02351,{"date":235,"score":87,"percentile":236},"2025-12-14",0.02357,{"date":238,"score":87,"percentile":205},"2025-12-15",{"date":240,"score":87,"percentile":202},"2025-12-16",{"date":242,"score":87,"percentile":243},"2025-12-17",0.02362,{"date":245,"score":87,"percentile":246},"2025-12-18",0.02365,{"date":248,"score":87,"percentile":249},"2025-12-19",0.02372,{"date":251,"score":87,"percentile":252},"2025-12-20",0.02367,{"date":254,"score":87,"percentile":255},"2025-12-21",0.02373,{"date":257,"score":87,"percentile":258},"2025-12-22",0.02371,{"date":260,"score":87,"percentile":261},"2025-12-23",0.02376,{"date":263,"score":87,"percentile":264},"2025-12-24",0.02386,{"date":266,"score":87,"percentile":267},"2025-12-25",0.02393,{"date":269,"score":87,"percentile":270},"2025-12-26",0.02396,{"date":272,"score":87,"percentile":273},"2025-12-27",0.02381,{"date":275,"score":87,"percentile":267},"2025-12-28",{"date":277,"score":87,"percentile":278},"2025-12-29",0.02382,{"date":280,"score":87,"percentile":281},"2025-12-30",0.02377,{"date":283,"score":87,"percentile":246},"2025-12-31",{"date":285,"score":87,"percentile":286},"2026-01-01",0.02425,{"date":288,"score":87,"percentile":286},"2026-01-02",{"date":290,"score":87,"percentile":291},"2026-01-03",0.02426,{"date":293,"score":87,"percentile":236},"2026-01-04",{"date":295,"score":87,"percentile":296},"2026-01-05",0.02361,{"date":298,"score":87,"percentile":299},"2026-01-06",0.02349,{"date":301,"score":87,"percentile":302},"2026-01-07",0.02364,{"date":304,"score":87,"percentile":305},"2026-01-08",0.02388,{"date":307,"score":87,"percentile":308},"2026-01-09",0.02402,{"date":310,"score":87,"percentile":311},"2026-01-10",0.02411,{"date":313,"score":87,"percentile":314},"2026-01-11",0.02395,{"date":316,"score":87,"percentile":258},"2026-01-12",{"date":318,"score":87,"percentile":227},"2026-01-13",{"date":320,"score":87,"percentile":246},"2026-01-14",{"date":322,"score":87,"percentile":323},"2026-01-15",0.02358,{"date":325,"score":87,"percentile":199},"2026-01-16",{"date":327,"score":87,"percentile":328},"2026-01-17",0.02355,{"date":330,"score":87,"percentile":302},"2026-01-18",{"date":332,"score":87,"percentile":299},"2026-01-19",{"date":334,"score":87,"percentile":335},"2026-01-20",0.02338,{"date":337,"score":87,"percentile":338},"2026-01-21",0.02333,{"date":340,"score":87,"percentile":341},"2026-01-22",0.0233,{"date":343,"score":87,"percentile":344},"2026-01-23",0.0234,{"date":346,"score":87,"percentile":347},"2026-01-24",0.02363,{"date":349,"score":87,"percentile":328},"2026-01-25",{"date":351,"score":87,"percentile":233},"2026-01-26",{"date":353,"score":87,"percentile":354},"2026-01-27",0.02354,{"date":356,"score":87,"percentile":357},"2026-01-28",0.02359,{"date":359,"score":87,"percentile":360},"2026-01-29",0.0238,{"date":362,"score":87,"percentile":363},"2026-01-30",0.02387,{"date":365,"score":87,"percentile":366},"2026-01-31",0.02409,{"date":368,"score":87,"percentile":369},"2026-02-01",0.02464,[371],{"source":91,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":372,"cvss_v4_0":9},{"baseScore":89,"baseSeverity":373,"vectorString":92,"impactScore":374,"exploitabilityScore":375},"MEDIUM",6,4.6,[377,400],{"ecosystem":9,"name":378,"vendor":379,"product":379,"cpe_part":380,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":381},"Linux","linux","a",[382,389,392,395,398],{"version":383,"is_range":384,"range_type":97,"version_start":385,"version_start_type":386,"version_end":387,"version_end_type":388,"fixed_in":9},">= c4e70a87d975d1f561a00abfe2d3cefa2a486c95, \u003C 7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",true,"c4e70a87d975d1f561a00abfe2d3cefa2a486c95","including","7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b","excluding",{"version":390,"is_range":384,"range_type":97,"version_start":385,"version_start_type":386,"version_end":391,"version_end_type":388,"fixed_in":9},">= c4e70a87d975d1f561a00abfe2d3cefa2a486c95, \u003C 9325e3188a9cf3f69fc6f32af59844bbc5b90547","9325e3188a9cf3f69fc6f32af59844bbc5b90547",{"version":393,"is_range":384,"range_type":97,"version_start":385,"version_start_type":386,"version_end":394,"version_end_type":388,"fixed_in":9},">= c4e70a87d975d1f561a00abfe2d3cefa2a486c95, \u003C 544add1f1cfb78c3dfa3e6edcf4668f6be5e730c","544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",{"version":396,"is_range":384,"range_type":97,"version_start":385,"version_start_type":386,"version_end":397,"version_end_type":388,"fixed_in":9},">= c4e70a87d975d1f561a00abfe2d3cefa2a486c95, \u003C 9874808878d9eed407e3977fd11fee49de1e1d86","9874808878d9eed407e3977fd11fee49de1e1d86",{"version":399,"is_range":85,"range_type":97,"version_start":399,"version_start_type":386,"version_end":399,"version_end_type":386,"fixed_in":9},"4.2",{"ecosystem":9,"name":401,"vendor":379,"product":402,"cpe_part":403,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":404},"linux kernel","linux_kernel","o",[405,409,413],{"version":406,"is_range":384,"range_type":407,"version_start":399,"version_start_type":386,"version_end":408,"version_end_type":388,"fixed_in":9},"gte4.2_lt6.1.75","cpe","6.1.75",{"version":410,"is_range":384,"range_type":407,"version_start":411,"version_start_type":386,"version_end":412,"version_end_type":388,"fixed_in":9},"gte6.2_lt6.6.14","6.2","6.6.14",{"version":414,"is_range":384,"range_type":407,"version_start":415,"version_start_type":386,"version_end":416,"version_end_type":388,"fixed_in":9},"gte6.7_lt6.7.2","6.7","6.7.2"]