PT-2024-26832 · Linux+5 · Linux Kernel+5

Easwar Hariharan · Published 2024-03-01 · Updated 2026-05-26 · CVE-2024-35995

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37
Description

The issue is in the ACPI CPPC (Collaborative Processor Performance Control) code in the Linux kernel. Using the bit width to size system memory accesses could lead to issues, because the bit width can be any 8-bit value and may not always be on a clean 8-bit boundary. This was discovered on the Cobalt 100 platform. The problem causes a kernel panic due to an asynchronous SError interrupt. To fix this, the kernel now uses the access width to determine the size of the access and shifts and masks the bits accordingly for read/write operations, with a fallback to the bit width if the access width is not set.
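The sizing rule described above, as an added example rather than the kernel's own code: the struct, the function names, the rejection of odd sizes and the read-modify-write on store are assumptions, and a byte buffer stands in for the mapped register. The access-width encoding (1 to 4 for 8 to 64 bits) follows the ACPI Generic Address Structure.

```c
#include <stdint.h>
#include <string.h>

struct reg { /* hypothetical descriptor modelled on an ACPI Generic Address Structure */
    uint8_t bit_width;    /* field width in bits, not always a multiple of 8 */
    uint8_t bit_offset;   /* field position inside the access */
    uint8_t access_width; /* 0 = not set, 1 = 8b, 2 = 16b, 3 = 32b, 4 = 64b */
};

/* Access size in bits: access width when set, otherwise fall back to bit width. */
static unsigned access_bits(const struct reg *r)
{
    if (r->access_width > 4) return 0;
    return r->access_width ? 8u << (r->access_width - 1) : r->bit_width;
}
static uint64_t field_mask(const struct reg *r)
{
    return r->bit_width >= 64 ? ~0ULL : (1ULL << r->bit_width) - 1;
}

/* Access size in bytes, or 0 when no clean 8/16/32/64-bit access covers the field. */
static unsigned access_bytes(const struct reg *r)
{
    unsigned n = access_bits(r);
    if (n != 8 && n != 16 && n != 32 && n != 64) return 0;
    if (r->bit_width == 0 || (unsigned)r->bit_offset + r->bit_width > n) return 0;
    return n / 8;
}

int reg_read(const uint8_t *mem, const struct reg *r, uint64_t *val)
{
    uint64_t word = 0;
    unsigned n = access_bytes(r);
    if (!n) return -1;
    memcpy(&word, mem, n);               /* little-endian host assumed */
    *val = (word >> r->bit_offset) & field_mask(r);
    return 0;
}

int reg_write(uint8_t *mem, const struct reg *r, uint64_t val)
{
    uint64_t word = 0, mask;
    unsigned n = access_bytes(r);
    if (!n) return -1;
    mask = field_mask(r) << r->bit_offset;
    memcpy(&word, mem, n);               /* read-modify-write keeps neighbouring bits */
    word = (word & ~mask) | ((val << r->bit_offset) & mask);
    memcpy(mem, &word, n);
    return 0;
}
```

A descriptor with a 12-bit field and no access width is refused here instead of being turned into a 12-bit memory access, which is the case the description identifies as the source of the panic.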
Recommendations

For Linux kernel versions prior to 6.6.37, update to version 6.6.37 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
AZL-67764
BDU:2025-03446
CVE-2024-35995
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1682
OESA-2024-1692
OESA-2024-1693
OPENSUSE-SU-2024_2947-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1

Affected Products

Astra Linux
Debian
Linux Kernel
Red Hat
Red Os
Suse