
CVE-2024-35790: Vulnerability in Linux Linux

Medium
Published: Fri May 17 2024 (05/17/2024, 12:24:45 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by dereferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases.

Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI.

AI-Powered Analysis

Last updated: 07/04/2025, 02:43:54 UTC

Technical Analysis

CVE-2024-35790 is a vulnerability in the Linux kernel's USB Type-C DisplayPort alternate mode (altmode) driver. The driver created its sysfs nodes manually during dp_altmode_probe, so the nodes could be exposed to userspace before typec_altmode_set_drvdata() had stored the driver data. A read from userspace in that window reaches the show handlers hpd_show or pin_assignment_show, which access dp->hpd and dp->lock respectively. Because dev_get_drvdata() still returns NULL at that stage, the handler dereferences a NULL pointer and the kernel reports a NULL pointer dereference error.

The root cause is the manual creation of sysfs nodes inside the probe path, ahead of driver data initialization. The fix removes the manual creation and registers the attribute group as the default device attribute group for devices bound to the driver, ensuring the sysfs nodes are only created after the driver data is properly set. The ATTRIBUTE_GROUPS() macro is deliberately not used, because with it the path to the sysfs nodes would no longer comply with the ABI.

No known exploits are reported in the wild as of the publication date. The vulnerability affects Linux kernel versions identified by the given commit hashes, which correspond to recent kernel development states. This issue is a classic example of a race condition or initialization order flaw in kernel driver code that can lead to kernel crashes or potential denial of service (DoS).
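The ordering problem described above, reduced to a userspace C model (an added example, not code from the kernel or from this page). `struct device`, `node_visible`, `racing_read` and the two `probe_*` functions are hypothetical stand-ins, and the NULL case returns `-EFAULT` where the kernel would oops.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userspace model; names follow the advisory, not kernel source. */
struct dp_altmode { int hpd; };
/* drvdata: what dev_get_drvdata() returns; node_visible: sysfs node exists. */
struct device { void *drvdata; int node_visible; };

/* Model of hpd_show(): the NULL case returns -EFAULT instead of crashing. */
static int hpd_show(struct device *dev, char *buf, size_t len)
{
    struct dp_altmode *dp = dev->drvdata;
    if (!dev->node_visible)
        return -ENOENT;          /* no node yet: the read never gets here */
    if (!dp)
        return -EFAULT;          /* stands in for the NULL dereference */
    return snprintf(buf, len, "%d\n", dp->hpd);
}

/* A userspace read racing with probe; returns 1 if it hit NULL drvdata. */
static int racing_read(struct device *dev)
{
    char buf[8];
    return hpd_show(dev, buf, sizeof(buf)) == -EFAULT;
}

/* Before the fix: probe creates the node itself, then sets drvdata. */
int probe_manual_group(struct device *dev, struct dp_altmode *dp)
{
    dev->node_visible = 1;       /* manual sysfs node creation in probe */
    int hit = racing_read(dev);  /* window: node visible, drvdata still NULL */
    dev->drvdata = dp;           /* typec_altmode_set_drvdata() */
    return hit;
}

/* After the fix: the default attribute group appears after drvdata is set. */
int probe_default_group(struct device *dev, struct dp_altmode *dp)
{
    int hit = racing_read(dev);  /* same timing: no node, handler not run */
    dev->drvdata = dp;           /* typec_altmode_set_drvdata() */
    dev->node_visible = 1;       /* default group added once drvdata is set */
    return hit | racing_read(dev);
}

int main(void)
{
    struct dp_altmode dp = { 1 };
    struct device a = { 0 }, b = { 0 };
    return printf("%d %d\n", probe_manual_group(&a, &dp), probe_default_group(&b, &dp)) < 0;
}
```

The same read that lands in the unsafe window under the manual ordering fails with `-ENOENT` under the default-group ordering, because the node does not exist until the driver data is in place.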

Potential Impact

For European organizations, the impact of CVE-2024-35790 primarily involves the stability and availability of Linux-based systems utilizing USB Type-C ports with DisplayPort alternate mode support. Many enterprise servers, workstations, and embedded devices in Europe run Linux kernels that may include the affected driver code. An attacker with local access or the ability to trigger sysfs reads on the vulnerable nodes could cause kernel crashes via NULL pointer dereferences, resulting in system reboots or service interruptions. While this vulnerability does not directly enable privilege escalation or remote code execution, the resulting denial of service could disrupt critical infrastructure, industrial control systems, or business operations relying on Linux systems. Given the widespread use of Linux in European government, finance, telecommunications, and manufacturing sectors, even transient outages could have significant operational and financial consequences. However, exploitation requires local interaction with sysfs nodes, limiting the attack vector to users or processes with some level of system access. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in environments where untrusted users or software can interact with USB Type-C hardware interfaces.

Mitigation Recommendations

European organizations should prioritize applying the official Linux kernel patches that address this vulnerability by correcting the sysfs node creation process in the DisplayPort altmode driver. Kernel updates from trusted Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) should be monitored and deployed promptly. In environments where immediate patching is not feasible, administrators can mitigate risk by restricting access to sysfs nodes related to USB Type-C DisplayPort altmode attributes, using Linux kernel security modules (e.g., SELinux, AppArmor) or by mounting sysfs with restrictive permissions to prevent unauthorized reads. Additionally, organizations should audit and limit local user privileges to prevent untrusted users from triggering sysfs reads that could cause kernel crashes. Monitoring system logs for kernel oops or NULL pointer dereference messages can help detect attempted exploitation or instability. For embedded or specialized devices, vendors should be contacted to ensure firmware and kernel updates incorporate this fix. Finally, organizations should maintain robust backup and recovery procedures to minimize downtime in case of denial of service caused by this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T12:19:12.338Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe34b9

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 7/4/2025, 2:43:54 AM

Last updated: 8/14/2025, 2:07:05 PM
