PT-2024-8499 · Linux+4 · Linux Kernel+4

Stefan Orear

Published

2024-04-04

Updated

2026-01-22

CVE-2024-35871

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has a flaw related to a potential information leak. Specifically, the childregs registers, which represent the registers active for a new thread in user context, can expose the kernel's global pointer (gp) value in certain scenarios. This is due to the kernel execve function not clearing integer registers, potentially revealing the gp value to user space after execve or through other means like ptrace or performance tracing. This issue affects kernel threads and user mode helper threads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2024-10059

CVE-2024-35871

DLA-3842-1

OESA-2024-1707

OESA-2024-2295

USN-6893-1

USN-6893-2

USN-6893-3

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6918-1

USN-6919-1

USN-6927-1

USN-7019-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-8499 · Linux+4 · Linux Kernel+4

CVE-2024-35871

Weakness Enumeration

Related Identifiers

Affected Products

References · 825