Rapid7

Red Hat: CVE-2024-35907: kernel: mlxbf_gige: call request_irq() after NAPI initialized (Multiple Advisories)

Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: May 19, 2024
Added: Sep 13, 2024
Modified: Jun 12, 2026

Description

CVE-2024-35907 is a vulnerability in the Linux kernel's mlxbf_gige driver, which supports Mellanox BlueField devices. The issue occurs during kdump operations when a receive (RX) interrupt is triggered before the driver fully initializes. This leads to a race condition that can result in a NULL pointer dereference, causing the system to crash.

If an RX interrupt is already pending before the driver requests the IRQ, the interrupt handler can run ahead of NAPI initialization, and this out-of-order sequence results in the crash.

This flaw affects system stability during kdump operations, potentially causing kernel panics.

Solutions

redhat-upgrade-kernel
redhat-upgrade-kernel-rt