{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35837", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.103Z", "datePublished": "2024-05-17T14:02:32.070Z", "dateUpdated": "2025-05-04T09:06:31.831Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:06:31.831Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "versions": [{"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "83f99138bf3b396f761600ab488054396fb5768f", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "af47faa6d3328406038b731794e7cf508c71affa", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "938729484cfa535e9987ed0f86f29a2ae3a8188b", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "versions": [{"version": "3.17", "status": "affected"}, {"version": "0", "lessThan": "3.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.10.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.15.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.1.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.6.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.7.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}], "title": "net: mvpp2: clear BM pool before initialization", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:07.925657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:54.936Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.378Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.378Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:07.925657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.619Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: mvpp2: clear BM pool before initialization", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "83f99138bf3b396f761600ab488054396fb5768f", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "af47faa6d3328406038b731794e7cf508c71affa", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "938729484cfa535e9987ed0f86f29a2ae3a8188b", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.17"}, {"status": "unaffected", "version": "0", "lessThan": "3.17", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.76", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.15", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.3", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:56:11.428Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35837", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:56:11.428Z", "dateReserved": "2024-05-17T13:50:33.103Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:02:32.070Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B5E984B-7AD4-44B9-A4CE-EAFC67D1F495", "versionEndExcluding": "5.10.210", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E", "versionEndExcluding": "6.1.76", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468", "versionEndExcluding": "6.6.15", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicializaci\u00f3n. El valor del registro persiste despu\u00e9s de iniciar el kernel usando kexec, lo que genera p\u00e1nico en el kernel. Por lo tanto, borre los registros del grupo BM antes de la inicializaci\u00f3n para solucionar el problema."}], "id": "CVE-2024-35837", "lastModified": "2025-12-17T19:22:58.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T14:15:20.707", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: mvpp2: clear BM pool before initialization", "id": "2281159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281159"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: mvpp2: clear BM pool before initialization\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.", "A vulnerability was found in the Linux kernel's Marvell PPv2 (mvpp2) network driver, where the Buffer Management(BM) pool is not properly cleared before initialization. This oversight could lead to unintended behavior or security risks, such as the use of uninitialized data in network operations."], "mitigation": {"lang": "en:us", "value": "CVE-2024-35837 addresses a vulnerability in the Linux kernel's mvpp2 (Marvell PPv2) network driver, where the BM (Buffer Management) pool was not being properly cleared before initialization. This oversight could lead to unintended behavior or security risks, such as the use of uninitialized data in network operations. The fix ensures that the BM pool is cleared during the initialization process, enhancing the stability and security of the network driver."}, "name": "CVE-2024-35837", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35837\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35837\nhttps://lore.kernel.org/linux-cve-announce/2024051731-CVE-2024-35837-3159@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{"created": "2025-07-12T15:42:24.064267+00:00", "updated": "2025-07-12T15:42:24.064309+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}