PT-2024-8492 · Linux+8 · Linux Kernel+8
David Thompson · Published 2024-03-29 · Updated 2025-09-29
CVE-2024-35885
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.15.0-bf.6.gef6992a
Description
The vulnerability is in the mlxbf_gige driver in the Linux kernel, which hits a NULL pointer exception during system shutdown via the "reboot" command. The driver's shutdown() method is always executed, but its stop() method may not be executed if the networking interface configuration logic is not properly set up. When stop() is skipped, NAPI remains enabled, and an exception can occur if NAPI is scheduled while the hardware interface is only partially deinitialized. The issue can cause a kernel panic and prevent the system from shutting down properly.
Recommendations
To resolve this issue, ensure that the networking interface managed by the mlxbf_gige driver is properly stopped during system shutdown. This can be achieved by setting up the networking interface configuration logic within the Linux distribution so that the stop() method is executed. Additionally, consider updating to a newer version of the Linux kernel, such as 5.15.0-bf.6.gef6992a or later, which includes the fix.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
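One way to check the condition described above before a reboot, as an added example that is not part of the advisory or the kernel project: it lists interfaces bound to the driver that are still administratively up (so stop() has not run) and can bring them down. The sysfs driver name `mlxbf_gige`, the function names, and the use of iproute2's `ip` are assumptions.

```shell
#!/bin/sh
# Added example: find interfaces bound to the mlxbf_gige driver that still
# have IFF_UP set, i.e. the driver's stop() has not been called yet.

DRIVER_NAME="mlxbf_gige"   # assumption: driver name as exposed in sysfs

# Print one interface name per line for each matching interface that is up.
# $1 overrides the sysfs root so the logic can run against a constructed tree.
gige_ifaces_still_up() {
    sysfs_net="${1:-/sys/class/net}"
    for dir in "$sysfs_net"/*; do
        [ -d "$dir" ] || continue              # skips files such as bonding_masters
        link="$dir/device/driver"
        [ -L "$link" ] || continue             # virtual interfaces have no driver link
        drv=$(basename "$(readlink "$link")")
        [ "$drv" = "$DRIVER_NAME" ] || continue
        [ -r "$dir/flags" ] || continue
        flags=$(cat "$dir/flags")              # hex string, e.g. 0x1003
        [ -n "$flags" ] || continue
        # IFF_UP is bit 0 of the interface flags word.
        if [ $(( ${flags} & 1 )) -eq 1 ]; then
            basename "$dir"
        fi
    done
    return 0
}

# Bring each such interface down so stop() runs before shutdown() does.
stop_gige_ifaces() {
    for ifc in $(gige_ifaces_still_up "${1:-/sys/class/net}"); do
        ip link set dev "$ifc" down || echo "failed to stop $ifc" >&2
    done
}

# Invoke with --stop (as root) from a pre-shutdown hook; default is no action.
if [ "${1:-}" = "--stop" ]; then
    stop_gige_ifaces
fi
```

Calling `gige_ifaces_still_up` with no argument on an affected host gives a read-only report suitable for a pre-reboot check.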
Exploit
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu