
CVE-2024-35847: Vulnerability in Linux Linux

High
Published: Fri May 17 2024 (05/17/2024, 14:47:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Prevent double free on error

The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again.

Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc().

[ tglx: Massaged change log ]

AI-Powered Analysis

Last updated: 06/29/2025, 16:28:32 UTC

Technical Analysis

CVE-2024-35847 is a vulnerability identified in the Linux kernel specifically within the irqchip/gic-v3-its component, which handles interrupt management for ARM GICv3 ITS (Interrupt Translation Service). The flaw arises in the error handling path of the function its_vpe_irq_domain_alloc(). When the initialization function its_vpe_init() fails after successfully allocating one or more interrupts, a double free condition occurs. This happens because its_vpe_irq_domain_free() is called and frees allocated interrupts, the area bitmap, and the vprop_page, but subsequently, its_vpe_irq_domain_alloc() attempts to free the area bitmap and vprop_page again. This double free can lead to memory corruption, which may cause system instability, crashes, or potentially be exploited to execute arbitrary code or escalate privileges if an attacker can trigger this error path. The fix involves restructuring the code to unconditionally call its_vpe_irq_domain_free() to handle all cleanup correctly and removing the redundant freeing of bitmap and vprop_page from its_vpe_irq_domain_alloc(). This vulnerability affects Linux kernel versions identified by the commit hash 7d75bbb4bc1ad90386776459d37e4ddfe605671e and similar versions containing this code path. No known exploits are reported in the wild as of the publication date. The vulnerability is technical and low-level, affecting kernel memory management related to interrupt handling on ARM platforms using GICv3 ITS.
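The cleanup-ownership bug described above, reduced to a user-space model. This is an added example, not kernel code and not part of the original advisory. The `model_` functions, the `vpe_block` struct, the `i > 0` guard in the old path and the "release when the last interrupt is gone" rule are assumptions made for illustration; a counter replaces the real frees so the second release can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model: a counter stands in for the kernel's frees, so
 * a second release is recorded instead of corrupting the heap. */
struct vpe_block {
    int irqs_live;     /* interrupts currently set up */
    int shared_frees;  /* releases of the area bitmap + vprop_page pair */
};

/* Stand-in for its_vpe_irq_domain_free(); "last irq gone" is a model assumption. */
static void model_domain_free(struct vpe_block *b, int n)
{
    b->irqs_live -= n;
    if (b->irqs_live == 0)
        b->shared_frees++;             /* bitmap and vprop_page released here */
}

/* Stand-in for its_vpe_irq_domain_alloc(); init fails at fail_at (-1 = never). */
static int model_domain_alloc(struct vpe_block *b, int nr, int fail_at, bool fixed)
{
    int i;
    for (i = 0; i < nr && i != fail_at; i++)
        b->irqs_live++;
    if (i == nr)
        return 0;                      /* success: caller keeps the resources */
    if (fixed) {
        model_domain_free(b, i);       /* cleanup has exactly one owner */
    } else {
        if (i > 0)                     /* assumed guard in the old error path */
            model_domain_free(b, i);
        b->shared_frees++;             /* released again when i > 0 */
    }
    return -1;
}

/* Releases seen after one alloc attempt: 1 is correct, 2 is a double free. */
static int frees_after_alloc(int nr, int fail_at, bool fixed)
{
    struct vpe_block b = {0};
    model_domain_alloc(&b, nr, fail_at, fixed);
    return b.shared_frees;
}

int main(void)
{
    printf("old=%d fixed=%d\n", frees_after_alloc(4, 2, false), frees_after_alloc(4, 2, true));
    return 0;
}
```

A failure at index 0 releases the pair exactly once in both variants, which is why the defect only shows up after at least one interrupt has been allocated.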

Potential Impact

For European organizations, the impact of CVE-2024-35847 depends largely on their use of Linux systems running on ARM architectures with GICv3 ITS support, which is common in embedded systems, telecom infrastructure, and some cloud or edge computing environments. Successful exploitation could lead to denial of service through kernel crashes or potentially privilege escalation if attackers can manipulate the double free to execute arbitrary code in kernel space. This could compromise confidentiality, integrity, and availability of affected systems. Critical infrastructure operators, telecom providers, and enterprises using ARM-based Linux servers or network devices are at higher risk. Disruption in these environments could affect service availability and data security. However, the lack of known exploits and the complexity of triggering this error path somewhat limits immediate widespread impact. Still, the vulnerability represents a significant risk in environments where kernel stability and security are paramount.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-35847 as soon as vendor updates are available. Since this is a kernel-level vulnerability, applying official kernel patches or upgrading to a fixed kernel release is the most effective mitigation. Organizations using custom or embedded Linux distributions should coordinate with vendors or maintainers to ensure timely patching. Additionally, organizations should audit their systems to identify ARM-based Linux deployments with GICv3 ITS enabled, focusing on telecom, edge computing, and embedded device environments. Employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR), Kernel Page Table Isolation (KPTI), and enabling kernel lockdown features can reduce exploitation risk. Monitoring system logs for kernel errors or crashes related to interrupt handling may help detect attempted exploitation. Finally, restricting access to systems running vulnerable kernels and limiting untrusted user or process interactions can reduce attack surface.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.105Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe3639

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 4:28:32 PM

Last updated: 8/16/2025, 1:23:54 PM
