PT-2024-8418 · Linux+7 · Linux Kernel+7

Robert Elliott · Published 2024-03-25 · Updated 2025-09-29 · CVE-2024-35911

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.77

Description

The vulnerability is related to a memory corruption bug in the ice driver, which can cause the kernel to panic after suspend. The issue arises from the driver calling the ice_vsi_free_q_vectors() function by itself when suspending, leading to a zero-length buffer allocation and subsequent memory corruption. The fix involves ensuring that all code referencing num_q_vectors does so after it has been reset via ice_vsi_cfg_def().

Recommendations

To resolve the issue, update the Linux kernel to a version later than 6.1.77, which includes the fix for the memory corruption bug. As a temporary workaround, consider disabling the ice_vsi_rebuild_set_coalesce() function until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation.

Exploit

Fix

Memory Corruption

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2024:5363
ALSA-2025_16880
BDU:2024-09977
CVE-2024-35911
INFSA-2024_5363
RHSA-2024:5363
RHSA-2024_5363
RLSA-2024:5363
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Almalinux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu