PT-2024-26826 · Linux+9 · Linux Kernel+9
Terrence Xu
Published: 2024-03-13 · Updated: 2025-09-29 · CVE-2024-35989
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue occurs when the idxd driver is removed on a single-CPU platform. As part of the clean-up process, the registered offline callback is invoked, but with only one CPU online there is no valid target to which the perf context can be migrated. The attempted migration causes a page fault for a non-present page, which results in a kernel oops and crashes the kernel. The fix prevents migration of the perf context to an invalid target.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider disabling the idxd driver or restricting its use on single-CPU platforms until a patch is available.
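The conditions described above can be checked on a host with a short triage script. This is an added example, not part of the advisory: the function names and result labels are made up for illustration, and it assumes a `sort` that supports `-V` and that the idxd driver, when loaded, appears as `/sys/module/idxd`.

```shell
#!/bin/sh
# Added triage example for CVE-2024-35989 (not from the advisory).
# 6.6.37 is the fixed version the advisory states. Distribution kernels
# often backport fixes, so confirm a hit against the vendor's own advisory.
FIXED_VERSION="6.6.37"

# Strip the distro suffix: "6.6.30-1-amd64" -> "6.6.30"
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# Succeeds when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# assess KERNEL_RELEASE ONLINE_CPUS IDXD_LOADED(yes|no)
# Prints one of the hypothetical labels used below.
assess() {
    ver=$(base_version "$1")
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "not-affected"              # at or past the fixed version
    elif [ "$3" != "yes" ]; then
        echo "affected-idxd-not-loaded"  # old kernel, driver not in use
    elif [ "$2" -eq 1 ]; then
        echo "exposed"                   # removing idxd here can oops
    else
        echo "affected-multi-cpu"        # a migration target exists
    fi
}

online_cpus() { getconf _NPROCESSORS_ONLN; }

idxd_loaded() {
    if [ -d /sys/module/idxd ]; then echo yes; else echo no; fi
}

# Assess the local host.
assess "$(uname -r)" "$(online_cpus)" "$(idxd_loaded)"
```

A result of `exposed` means the host meets every condition in the description; on such a host, avoid unloading idxd until the kernel is updated.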
Exploit
Fix
Out of bounds Read
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu