CVE-2024-35805 is a vulnerability identified in the Linux kernel specifically affecting the device mapper (dm) snapshot functionality. The issue arises in the dm_exception_table_exit function, which is responsible for cleaning up exception tables when a snapshot is exited. The vulnerability manifests as a system lockup or hang during the exit process when there are many exceptions to free. The root cause is the absence of a scheduling point within the loop that frees exceptions, causing the kernel thread to monopolize CPU time and potentially leading to a system lockup. The fix involves adding a call to "cond_resched()" within the loop, which allows the kernel to yield the processor and schedule other tasks, preventing the lockup. This vulnerability is a denial-of-service (DoS) condition triggered by the kernel's inability to properly manage CPU scheduling during snapshot cleanup. The affected versions are identified by a specific commit hash, indicating that the issue is present in certain recent Linux kernel builds prior to the patch. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability does not appear to allow privilege escalation or code execution but can cause system instability and unavailability due to the lockup.

For European organizations relying on Linux-based systems, especially those using device mapper snapshots for storage management, this vulnerability could lead to system hangs and denial of service. This can disrupt critical services, particularly in data centers, cloud environments, and enterprise storage solutions where snapshots are used for backup, recovery, or testing purposes. The impact is primarily on availability, potentially causing downtime and operational delays. Systems under heavy snapshot workloads or with many exceptions are at higher risk. While this vulnerability does not directly compromise confidentiality or integrity, the resulting unavailability can affect business continuity and service level agreements. Organizations in sectors such as finance, healthcare, telecommunications, and government, which heavily depend on Linux infrastructure, could face operational disruptions if the vulnerability is exploited or triggered unintentionally.

To mitigate this vulnerability, European organizations should promptly apply the official Linux kernel patch that adds the "cond_resched()" call in the dm_exception_table_exit function. Kernel updates should be tested in staging environments to ensure compatibility with existing workloads before deployment. Organizations should review their use of device mapper snapshots and monitor for any unusual system hangs or performance degradation during snapshot operations. Implementing proactive monitoring of kernel logs and system responsiveness can help detect attempts to trigger the lockup. Additionally, limiting the size and number of exceptions in snapshots where possible can reduce the risk of encountering the lockup condition. For environments where immediate patching is not feasible, consider temporarily disabling snapshot features or using alternative backup methods until the patch is applied. Maintaining up-to-date kernel versions and subscribing to Linux security advisories will ensure timely awareness of such vulnerabilities.