PT-2024-26757 · Linux+1 · Linux Kernel+1

Published

2024-01-22

Updated

2025-09-19

CVE-2024-35836

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue occurs when a kernel module is unbound but the pin resources were not entirely freed, and the kernel module is again bound. In this state, the pin properties would not be updated, and the prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind. If the pin dump is invoked in this state, the result is a kernel crash. The crash is prevented by storing persistent pin properties in the dpll subsystem and copying the content from the kernel module when the pin is allocated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-03504

CVE-2024-35836

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

Affected Products

Linux Kernel

Suse

PT-2024-26757 · Linux+1 · Linux Kernel+1

CVE-2024-35836

Weakness Enumeration

Related Identifiers

Affected Products

References · 2793