PT-2024-26833 · Linux+4 · Linux Kernel+4

Geert Uytterhoeven

Published

2024-04-19

Updated

2024-11-15

CVE-2024-35996

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The issue is related to CPU mitigations in the Linux kernel. A recent commit missed that "cpu mitigations" is completely generic, whereas SPECULATION MITIGATIONS is x86-specific. This led to unnecessary confusion. The mitigation has been re-enabled by default for non-X86 architectures. The change allows x86 to use a single configuration for managing mitigations not strictly related to speculative execution.

Recommendations Update to Linux kernel version 6.6.37 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2025-08078

CVE-2024-35996

DLA-3842-1

MGASA-2024-0263

MGASA-2024-0266

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-26833 · Linux+4 · Linux Kernel+4

CVE-2024-35996

Weakness Enumeration

Related Identifiers

Affected Products

References · 282