PT-2024-8261 · Linux+5 · Linux Kernel+5

Claus Hansen Ries

Published

2024-03-25

Updated

2025-09-18

CVE-2024-35796

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the replacement of the platform get resource function with devm platform ioremap resource byname in the Linux kernel, specifically in the ll temac component. This replacement causes a null pointer in the strcmp function, leading to a potential denial of service. The function platform get resource byname is called with a name of 0, which results in the null pointer. The correct replacement should have been devm platform ioremap resource.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-09814

CVE-2024-35796

DLA-3842-1

OESA-2024-1737

OESA-2024-1738

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-7019-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-8261 · Linux+5 · Linux Kernel+5

CVE-2024-35796

Weakness Enumeration

Related Identifiers

Affected Products

References · 4138