PT-2024-8410 · Linux+5 · Linux Kernel+5

Steffen Trumtrar

Published

2024-03-13

Updated

2025-03-28

CVE-2024-35819

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the qbman component of the Linux kernel, where the smp call function always runs its callback in hard IRQ context, even on PREEMPT RT, where spinlocks can sleep. This requires the use of a raw spinlock for cgr lock to prevent waiting on a sleeping task. The bug was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp call function single via qman update cgr safe every time a link goes up or down.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2024-09969

CVE-2024-35819

DLA-3840-1

DLA-3842-1

OESA-2024-1736

OESA-2024-1737

OESA-2024-1738

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2493-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

USN-6896-1

USN-6896-2

USN-6896-3

USN-6896-4

USN-6896-5

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-7019-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-8410 · Linux+5 · Linux Kernel+5

CVE-2024-35819

Weakness Enumeration

Related Identifiers

Affected Products

References · 4457