vulnerability
Ubuntu: (CVE-2024-35836): linux-bluefield vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 17, 2024 | Feb 11, 2025 | Sep 22, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix pin dump crash for rebound module
When a kernel module is unbound but the pin resources were not entirely
freed (other kernel module instance of the same PCI device have had kept
the reference to that pin), and kernel module is again bound, the pin
properties would not be updated (the properties are only assigned when
memory for the pin is allocated), prop pointer still points to the
kernel module memory of the kernel module which was deallocated on the
unbind.
If the pin dump is invoked in this state, the result is a kernel crash.
Prevent the crash by storing persistent pin properties in dpll subsystem,
copy the content from the kernel module when pin is allocated, instead of
using memory of the kernel module.
Solutions
References
- CVE-2024-35836
- https://attackerkb.com/topics/CVE-2024-35836
- CWE-416
- URL-https://git.kernel.org/linus/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b
- URL-https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c
- URL-https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b
- URL-https://www.cve.org/CVERecord?id=CVE-2024-35836
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.