CVE-2024-35837

MEDIUM

Linux Kernel - Denial of Service via BM Pool Initialization

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

References (7)

Core 7

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Patch

https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f

Patch

https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa

Patch

https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec

Patch

https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b

Patch

https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4

Patch

https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (22)

debian/debian_linux 10.0

linux/Kernel 3.17.0 - 5.10.210linux

linux/Kernel 5.11.0 - 5.15.149linux

linux/Kernel 5.16.0 - 6.1.76linux

linux/Kernel 6.2.0 - 6.6.15linux

linux/Kernel 6.7.0 - 6.7.3linux

Linux/Linux < 3.17

Linux/Linux 3.17

Linux/Linux 3f518509dedc99f0b755d2ce68d24f610e3a005a - 83f99138bf3b396f761600ab488054396fb5768f

Linux/Linux 3f518509dedc99f0b755d2ce68d24f610e3a005a - 938729484cfa535e9987ed0f86f29a2ae3a8188b

... and 12 more

Published May 17, 2024

Tracked Since Feb 18, 2026