CVE-2024-35837

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f	Patch
https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b	Patch
https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38	Patch
https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa	Patch
https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec	Patch
https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4	Patch
https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f	Patch
https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b	Patch
https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38	Patch
https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa	Patch
https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec	Patch
https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-05-17 14:15

Updated : 2025-12-17 19:22

NVD link : CVE-2024-35837

Mitre link : CVE-2024-35837

CVE.ORG link : CVE-2024-35837

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-35837", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-17T14:15:20.707", "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicializaci\u00f3n. El valor del registro persiste despu\u00e9s de iniciar el kernel usando kexec, lo que genera p\u00e1nico en el kernel. Por lo tanto, borre los registros del grupo BM antes de la inicializaci\u00f3n para solucionar el problema."}], "lastModified": "2025-12-17T19:22:58.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B5E984B-7AD4-44B9-A4CE-EAFC67D1F495", "versionEndExcluding": "5.10.210", "versionStartIncluding": "3.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E", "versionEndExcluding": "6.1.76", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468", "versionEndExcluding": "6.6.15", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}