CVE-2024-35816: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in pci_remove(), leading to a leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding the driver from the device remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci' Call Trace: ? remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ? console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0 remove irq with devm_free_irq() before pci_disable_msi() also remove it in fail_msi: of pci_probe() as this would lead to an identical leak
AI Analysis
Technical Summary
CVE-2024-35816 is a vulnerability identified in the Linux kernel's FireWire OHCI (Open Host Controller Interface) driver, specifically related to improper handling of interrupt requests (IRQs) during device unbinding and removal. The issue arises from a code change (commit 5a95f1ded28691e6) that replaced the explicit call to free_irq() in pci_remove() with devres-managed IRQ requests, inadvertently causing leftover IRQs when the driver is unbound from the device. This results in a resource leak where IRQs allocated by devm_request_irq() are not properly freed during pci_disable_msi() in pci_remove(). The vulnerability manifests as a leak of IRQ resources, evidenced by the presence of non-empty procfs directories (e.g., irq/136) that remain after device removal. The kernel call trace shows repeated attempts to remove proc entries and free IRQ descriptors, but due to the missing free_irq() call, these resources persist, potentially leading to system instability or denial of service. The fix involves explicitly removing IRQs with devm_free_irq() before pci_disable_msi() and in failure paths during pci_probe(), ensuring proper cleanup of IRQ resources. While this vulnerability does not directly enable code execution or privilege escalation, the improper release of IRQs can cause kernel resource leaks, which over time may degrade system performance or cause kernel warnings and instability. This is particularly relevant for systems that frequently bind and unbind FireWire OHCI devices or dynamically manage PCI devices with MSI interrupts. The vulnerability affects Linux kernel versions containing the specified commit and is relevant to environments using FireWire OHCI drivers with MSI support. No known exploits are reported in the wild, and the vulnerability was published on May 17, 2024. There is no CVSS score assigned yet, but the technical details and patch notes indicate a medium-level resource management flaw rather than a direct security compromise.
Potential Impact
For European organizations, the impact of CVE-2024-35816 is primarily related to system stability and reliability rather than direct data breaches or unauthorized access. Organizations running Linux servers or workstations with FireWire OHCI support and MSI-enabled PCI devices may experience resource leaks leading to kernel warnings, degraded performance, or potential denial of service if devices are frequently connected and disconnected. This could affect critical infrastructure, industrial control systems, or research environments where FireWire devices are used for data acquisition or high-speed transfers. While the vulnerability does not appear to allow remote exploitation or privilege escalation, the accumulation of leaked IRQ resources could cause kernel instability, requiring system reboots or manual intervention. This may disrupt operations in data centers, manufacturing plants, or media production facilities that rely on Linux systems. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or operational issues. Given the widespread use of Linux in European public sector, telecommunications, and scientific research institutions, the vulnerability's impact is relevant where FireWire hardware is present. However, the declining use of FireWire technology in favor of USB and Thunderbolt reduces the overall exposure. Organizations with legacy hardware or specialized equipment using FireWire should prioritize patching to maintain system integrity.
Mitigation Recommendations
To mitigate CVE-2024-35816, European organizations should: 1. Apply the latest Linux kernel updates that include the fix for this vulnerability, ensuring that devm_free_irq() is called appropriately to prevent IRQ leaks. 2. Audit systems for the presence of FireWire OHCI drivers and MSI-enabled PCI devices, especially in environments where devices are dynamically connected or removed. 3. Monitor kernel logs for warnings related to IRQ leaks or procfs directory anomalies (e.g., non-empty irq directories) that may indicate the vulnerability's effects. 4. Implement system monitoring to detect abnormal resource usage or kernel instability that could be linked to IRQ leaks. 5. For critical systems, consider limiting or disabling FireWire support if not required, reducing the attack surface. 6. Educate system administrators about the importance of timely kernel patching and the specific risks associated with device driver resource management. These steps go beyond generic advice by focusing on hardware-specific configurations, kernel log monitoring, and operational practices tailored to the vulnerability's nature.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-35816: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in pci_remove(), leading to a leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding the driver from the device remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci' Call Trace: ? remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ? console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0 remove irq with devm_free_irq() before pci_disable_msi() also remove it in fail_msi: of pci_probe() as this would lead to an identical leak
AI-Powered Analysis
Technical Analysis
CVE-2024-35816 is a vulnerability identified in the Linux kernel's FireWire OHCI (Open Host Controller Interface) driver, specifically related to improper handling of interrupt requests (IRQs) during device unbinding and removal. The issue arises from a code change (commit 5a95f1ded28691e6) that replaced the explicit call to free_irq() in pci_remove() with devres-managed IRQ requests, inadvertently causing leftover IRQs when the driver is unbound from the device. This results in a resource leak where IRQs allocated by devm_request_irq() are not properly freed during pci_disable_msi() in pci_remove(). The vulnerability manifests as a leak of IRQ resources, evidenced by the presence of non-empty procfs directories (e.g., irq/136) that remain after device removal. The kernel call trace shows repeated attempts to remove proc entries and free IRQ descriptors, but due to the missing free_irq() call, these resources persist, potentially leading to system instability or denial of service. The fix involves explicitly removing IRQs with devm_free_irq() before pci_disable_msi() and in failure paths during pci_probe(), ensuring proper cleanup of IRQ resources. While this vulnerability does not directly enable code execution or privilege escalation, the improper release of IRQs can cause kernel resource leaks, which over time may degrade system performance or cause kernel warnings and instability. This is particularly relevant for systems that frequently bind and unbind FireWire OHCI devices or dynamically manage PCI devices with MSI interrupts. The vulnerability affects Linux kernel versions containing the specified commit and is relevant to environments using FireWire OHCI drivers with MSI support. No known exploits are reported in the wild, and the vulnerability was published on May 17, 2024. There is no CVSS score assigned yet, but the technical details and patch notes indicate a medium-level resource management flaw rather than a direct security compromise.
Potential Impact
For European organizations, the impact of CVE-2024-35816 is primarily related to system stability and reliability rather than direct data breaches or unauthorized access. Organizations running Linux servers or workstations with FireWire OHCI support and MSI-enabled PCI devices may experience resource leaks leading to kernel warnings, degraded performance, or potential denial of service if devices are frequently connected and disconnected. This could affect critical infrastructure, industrial control systems, or research environments where FireWire devices are used for data acquisition or high-speed transfers. While the vulnerability does not appear to allow remote exploitation or privilege escalation, the accumulation of leaked IRQ resources could cause kernel instability, requiring system reboots or manual intervention. This may disrupt operations in data centers, manufacturing plants, or media production facilities that rely on Linux systems. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or operational issues. Given the widespread use of Linux in European public sector, telecommunications, and scientific research institutions, the vulnerability's impact is relevant where FireWire hardware is present. However, the declining use of FireWire technology in favor of USB and Thunderbolt reduces the overall exposure. Organizations with legacy hardware or specialized equipment using FireWire should prioritize patching to maintain system integrity.
Mitigation Recommendations
To mitigate CVE-2024-35816, European organizations should: 1. Apply the latest Linux kernel updates that include the fix for this vulnerability, ensuring that devm_free_irq() is called appropriately to prevent IRQ leaks. 2. Audit systems for the presence of FireWire OHCI drivers and MSI-enabled PCI devices, especially in environments where devices are dynamically connected or removed. 3. Monitor kernel logs for warnings related to IRQ leaks or procfs directory anomalies (e.g., non-empty irq directories) that may indicate the vulnerability's effects. 4. Implement system monitoring to detect abnormal resource usage or kernel instability that could be linked to IRQ leaks. 5. For critical systems, consider limiting or disabling FireWire support if not required, reducing the attack surface. 6. Educate system administrators about the importance of timely kernel patching and the specific risks associated with device driver resource management. These steps go beyond generic advice by focusing on hardware-specific configurations, kernel log monitoring, and operational practices tailored to the vulnerability's nature.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T12:19:12.343Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3563
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 4:11:35 PM
Last updated: 8/15/2025, 6:32:21 PM
Views: 8
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.