CVE-2024-35837 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f
https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b
https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38
https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa
https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec
https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024051731-CVE-2024-35837-3159@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35837
https://www.cve.org/CVERecord?id=CVE-2024-35837

History

Fri, 20 Dec 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:02:32.070Z

Updated: 2025-05-04T09:06:31.831Z

Reserved: 2024-05-17T13:50:33.103Z

Link: CVE-2024-35837

Vulnrichment

Updated: 2024-08-02T03:21:48.378Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:20.707

Modified: 2024-11-21T09:21:00.830

Link: CVE-2024-35837

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35837 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35837", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.103Z", "datePublished": "2024-05-17T14:02:32.070Z", "dateUpdated": "2025-05-04T09:06:31.831Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:06:31.831Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "versions": [{"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "83f99138bf3b396f761600ab488054396fb5768f", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "af47faa6d3328406038b731794e7cf508c71affa", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "938729484cfa535e9987ed0f86f29a2ae3a8188b", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "status": "affected", "versionType": "git"}, {"version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "versions": [{"version": "3.17", "status": "affected"}, {"version": "0", "lessThan": "3.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.10.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.15.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.1.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.6.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.7.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}], "title": "net: mvpp2: clear BM pool before initialization", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:07.925657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:54.936Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.378Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.378Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:07.925657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.619Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: mvpp2: clear BM pool before initialization", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "83f99138bf3b396f761600ab488054396fb5768f", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "af47faa6d3328406038b731794e7cf508c71affa", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "cec65f09c47d8c2d67f2bcad6cf05c490628d1ec", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "938729484cfa535e9987ed0f86f29a2ae3a8188b", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4", "versionType": "git"}, {"status": "affected", "version": "3f518509dedc99f0b755d2ce68d24f610e3a005a", "lessThan": "9f538b415db862e74b8c5d3abbccfc1b2b6caa38", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.17"}, {"status": "unaffected", "version": "0", "lessThan": "3.17", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.76", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.15", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.3", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:56:11.428Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35837", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:56:11.428Z", "dateReserved": "2024-05-17T13:50:33.103Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:02:32.070Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicializaci\u00f3n. El valor del registro persiste despu\u00e9s de iniciar el kernel usando kexec, lo que genera p\u00e1nico en el kernel. Por lo tanto, borre los registros del grupo BM antes de la inicializaci\u00f3n para solucionar el problema."}], "id": "CVE-2024-35837", "lastModified": "2024-11-21T09:21:00.830", "metrics": {}, "published": "2024-05-17T14:15:20.707", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: mvpp2: clear BM pool before initialization", "id": "2281159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281159"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: mvpp2: clear BM pool before initialization\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.", "A vulnerability was found in the Linux kernel's Marvell PPv2 (mvpp2) network driver, where the Buffer Management(BM) pool is not properly cleared before initialization. This oversight could lead to unintended behavior or security risks, such as the use of uninitialized data in network operations."], "mitigation": {"lang": "en:us", "value": "CVE-2024-35837 addresses a vulnerability in the Linux kernel's mvpp2 (Marvell PPv2) network driver, where the BM (Buffer Management) pool was not being properly cleared before initialization. This oversight could lead to unintended behavior or security risks, such as the use of uninitialized data in network operations. The fix ensures that the BM pool is cleared during the initialization process, enhancing the stability and security of the network driver."}, "name": "CVE-2024-35837", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35837\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35837\nhttps://lore.kernel.org/linux-cve-announce/2024051731-CVE-2024-35837-3159@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}