
CVE-2024-35804: Vulnerability in Linux (Linux kernel)

Severity: High
Published: Fri May 17 2024 (05/17/2024, 13:23:12 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Mark target gfn of emulated atomic instruction as dirty

When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This fixes a bug where KVM effectively corrupts guest memory during live migration by writing to guest memory without informing userspace that the page is dirty. Marking the page dirty got unintentionally dropped when KVM's emulated CMPXCHG was converted to do a user access. Before that, KVM explicitly mapped the guest page into kernel memory, and marked the page dirty during the unmap phase.

Mark the page dirty even if the CMPXCHG fails, as the old data is written back on failure, i.e. the page is still written. The value written is guaranteed to be the same because the operation is atomic, but KVM's ABI is that all writes are dirty logged regardless of the value written. And more importantly, that's what KVM did before the buggy commit.

Huge kudos to the folks on the Cc list (and many others), who did all the actual work of triaging and debugging.

base-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64

AI-Powered Analysis

Last updated: 06/28/2025, 03:11:59 UTC

Technical Analysis

CVE-2024-35804 is a flaw in the KVM (Kernel-based Virtual Machine) subsystem of the Linux kernel, in the x86 instruction emulator's handling of atomic read-modify-write instructions. When KVM emulates a locked instruction such as CMPXCHG (compare-and-exchange) on behalf of a guest, it performs the compare-and-exchange itself against the memory backing the target guest frame number (gfn). That is a write to guest memory, so KVM must record the gfn in its dirty log, which userspace (QEMU, for example) reads to decide which pages to resend during live migration. When the emulated CMPXCHG was converted from an explicit kernel mapping of the guest page to a user access, the call that marked the page dirty during the unmap phase was dropped along with the mapping. Since that change KVM has written to guest memory without reporting the page as dirty. During live migration the result is silent guest memory corruption: the migration relies on the dirty log to synchronize memory between source and destination, so the destination keeps the stale pre-CMPXCHG contents of the page and, after the switch-over, the guest runs with memory that differs from what it had on the source (for example a lock word or counter that reverts to an older value). The fix marks the target gfn dirty whenever the emulated CMPXCHG is attempted and does not fault, including when the compare fails. On failure the atomic operation writes the old value back, so the page is still written; the value is unchanged, but KVM's ABI is that every write is dirty logged regardless of the value written, and that is what KVM did before the regression. The advisory identifies affected kernel versions by commit hash rather than release number. The bug was publicly disclosed on May 17, 2024, with the fix already in the kernel; no CVSS score is assigned, and there are no known exploits in the wild. The issue is a data-integrity bug in low-level virtualization memory management rather than a guest escape, and it is resolved by a kernel update.
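The following is an added toy model written for this page, not KVM code and not from the advisory, to make the dirty-logging contract concrete. It models guest memory as a few pages with a per-gfn dirty bitmap, an emulated CMPXCHG that either omits the dirty mark (the regression) or sets it on every non-faulting access including a failed compare (the fix), and a migration round that resends only the pages the dirty log reports. The page numbers, the lock-word address and the values exchanged are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model (not KVM code) of the dirty-logging contract behind CVE-2024-35804:
 * every write KVM makes to guest memory on the guest's behalf must set the
 * target gfn's bit in the dirty bitmap, or live migration ships a stale page.
 */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NR_PAGES   4

struct guest {
	uint8_t  mem[NR_PAGES * PAGE_SIZE];
	uint32_t dirty_bitmap;          /* bit n set => gfn n written since last sync */
};

static void mark_page_dirty(struct guest *g, uint64_t gpa)
{
	g->dirty_bitmap |= 1u << (gpa >> PAGE_SHIFT);
}

/*
 * Emulated CMPXCHG on a 4-byte guest operand at gpa; returns true if old == expected.
 * fixed == false reproduces the regression: memory is written, gfn never marked dirty.
 * fixed == true follows the patched behaviour: gfn marked dirty whenever the access
 * does not fault, even if the compare fails, because the old value is written back.
 */
static bool emulator_cmpxchg32(struct guest *g, uint64_t gpa,
			       uint32_t expected, uint32_t new_val, bool fixed)
{
	uint32_t old, written;

	memcpy(&old, &g->mem[gpa], sizeof old);
	bool success = (old == expected);
	written = success ? new_val : old;      /* atomic RMW: old value written back on failure */
	memcpy(&g->mem[gpa], &written, sizeof written);

	if (fixed)
		mark_page_dirty(g, gpa);
	return success;
}

/* Userspace side of one migration round: resend only pages the dirty log reports. */
static void migrate_dirty_pages(struct guest *src, struct guest *dst)
{
	for (unsigned gfn = 0; gfn < NR_PAGES; gfn++) {
		if (src->dirty_bitmap & (1u << gfn))
			memcpy(&dst->mem[gfn * PAGE_SIZE],
			       &src->mem[gfn * PAGE_SIZE], PAGE_SIZE);
	}
	src->dirty_bitmap = 0;                  /* fetching the log clears it */
}

/*
 * Scenario: precopy snapshot, then the guest acquires a lock word (0 -> 1)
 * through the emulator, then a final dirty-page sync before switch-over.
 * Returns the lock value the destination ends up with and reports whether a
 * subsequent *failed* CMPXCHG on the same page was dirty logged.
 */
static uint32_t run_scenario(bool fixed, bool *failed_cmpxchg_logged)
{
	static struct guest src, dst;
	const uint64_t lock_gpa = 2 * PAGE_SIZE + 0x40;   /* constructed address in gfn 2 */
	uint32_t zero = 0, result;

	memset(&src, 0, sizeof src);
	memcpy(&src.mem[lock_gpa], &zero, sizeof zero);
	memcpy(&dst, &src, sizeof dst);         /* precopy: destination starts identical */
	src.dirty_bitmap = 0;

	emulator_cmpxchg32(&src, lock_gpa, 0, 1, fixed);   /* guest takes the lock */
	migrate_dirty_pages(&src, &dst);                   /* final sync */
	memcpy(&result, &dst.mem[lock_gpa], sizeof result);

	/* Failure case: expected 7 but the word holds 1, so the old value is written back. */
	emulator_cmpxchg32(&src, lock_gpa, 7, 9, fixed);
	*failed_cmpxchg_logged = (src.dirty_bitmap & (1u << 2)) != 0;

	return result;
}

static uint32_t destination_lock_value(bool fixed)
{
	bool logged;
	return run_scenario(fixed, &logged);
}

static bool failed_cmpxchg_logged(bool fixed)
{
	bool logged;
	run_scenario(fixed, &logged);
	return logged;
}

int main(void)
{
	printf("regressed: destination lock word = %u (source has 1), failed CMPXCHG logged = %d\n",
	       destination_lock_value(false), failed_cmpxchg_logged(false));
	printf("patched:   destination lock word = %u (source has 1), failed CMPXCHG logged = %d\n",
	       destination_lock_value(true), failed_cmpxchg_logged(true));
	return 0;
}
```

With the regression the destination still holds 0 for a lock the source guest already owns, which is the divergence the advisory calls guest memory corruption; with the fix the page is resent. The second CMPXCHG shows why the fix marks the page even on failure: the contents do not change, but the page was written, and the dirty log records writes, not value changes.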

Potential Impact

For European organizations, this vulnerability poses a risk primarily to those running KVM-based virtualization on Linux hosts, especially where live migration of virtual machines is used for load balancing, maintenance, or disaster recovery. Guest memory corrupted during live migration can cause data integrity problems, application crashes, or system instability inside the migrated workloads, and the failure is silent: the migration completes and the guest continues with a page that no longer matches what it had on the source. This matters most in sectors with high virtualization adoption such as financial services, telecommunications, cloud service providers, and government institutions. Because the same dirty-page tracking underpins other mechanisms built on live migration, such as host evacuation for patching and failover, their reliability is undermined as well. No known exploits exist. The flaw is a data-integrity and availability issue rather than a privilege-escalation primitive; an attacker who can cause KVM to emulate locked instructions from inside a guest could at most make that guest's migrated copy diverge from the original, causing denial of service or data corruption within the guest. Given the widespread use of Linux and KVM in European data centers and cloud infrastructure, the impact could be significant if left unpatched, affecting service availability and data trustworthiness.

Mitigation Recommendations

European organizations should prioritize applying the Linux kernel update from their distribution vendor that includes the fix for CVE-2024-35804 (the commit restoring dirty-page marking for emulated CMPXCHG). The fix is in the upstream kernel; the advisory identifies affected and fixed kernels by commit hash rather than version number, so check the distribution's security notice or changelog for a reference to this CVE rather than relying on the version string alone. Audit virtualization environments to identify hosts running unpatched kernels and schedule maintenance windows for deployment. Note that the dirty log is produced on the migration source, so the host a guest is migrated from is the one that must be patched; the destination kernel does not affect this bug. Until source hosts are patched, consider suspending live migration for critical workloads; a cold migration or stop-copy-start of the guest does not depend on the dirty log and is not affected. Monitor live migration operations for anomalies or guest failures shortly after switch-over, which could indicate a stale page. Strict access controls and monitoring on KVM hosts limit who can trigger migrations or perform other privileged operations. Finally, test patched kernels in staging before production deployment to ensure stability and compatibility.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T12:19:12.341Z
CISA Enriched: true
CVSS Version: null (no CVSS score assigned)
State: PUBLISHED

Threat ID: 682d9821c4522896dcbddc3c

Added to database: 5/21/2025, 9:08:49 AM

Last enriched: 6/28/2025, 3:11:59 AM

Last updated: 8/12/2025, 7:12:26 AM

