PT-2024-8342 · Linux+8 · Linux Kernel+8

David Thompson

·

Published

2024-03-26

·

Updated

2025-09-29

·

CVE-2024-35907

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.0-1036-bluefield
Description The vulnerability is related to the mlxbf gige driver in the Linux kernel. When kdump is enabled, the driver encounters a NULL pointer exception in the mlxbf gige open() function. This happens because there is a pending RX interrupt before the call to request irq(RX IRQ) executes, and the RX IRQ handler fires immediately after this request irq() completes. The issue can be reproduced by enabling kdump, triggering kdump via /proc/sysrq-trigger, and loading the mlxbf gige module.
Recommendations To resolve the issue, update the Linux kernel to version 5.15.0-1036-bluefield or later. If an update is not available, consider disabling the mlxbf gige driver or the kdump feature as a temporary workaround to prevent the NULL pointer exception.

Exploit

Fix

Out of bounds Read

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-476

Related Identifiers

ALSA-2024:4928
ALSA-2025_16880
BDU:2024-09898
CVE-2024-35907
INFSA-2024_4928
RHSA-2024:4928
RHSA-2024:5364
RHSA-2024:5365
RHSA-2024_4928
RLSA-2024:4928
RXSA-2024:4928
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu