
CVE-2024-35859: Vulnerability in the Linux kernel (block layer)

Medium
Published: Fri May 17 2024 (05/17/2024, 14:47:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbed already, hence module reference should be released if bdev_may_open() failed. This problem is found by code review.

AI-Powered Analysis

Last updated: 06/29/2025, 16:42:21 UTC

Technical Analysis

CVE-2024-35859 is a medium-severity vulnerability in the Linux kernel's block layer, in the code that opens a block device by device number (bdev_open_by_dev()). bdev_open_by_dev() takes a reference on the block driver's module (try_module_get() on disk->fops->owner) before calling bdev_may_open(), the check that refuses opens which conflict with the kernel's restrictions on writing to mounted or exclusively held block devices. When bdev_may_open() refused the open, the function returned its error without dropping the module reference it had just taken, so every refused open leaked one reference. A module whose reference count never returns to zero cannot be unloaded (rmmod reports it as in use); a count that keeps climbing while the number of open devices does not is the observable symptom. The leaked references do not themselves consume memory, so the effect is a pinned driver rather than resource exhaustion. The bug was found by code review, not from exploitation. The CVSS v3.1 score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H): local attack vector, low complexity, low privileges, no user interaction, no confidentiality or integrity impact, high availability impact. The CVE record expresses the affected range by git commit: kernels that contain commit ed5cc702d311c14b653323d76062b0294effa66e and lack the fix are affected. The fix releases the module reference on the bdev_may_open() failure path, so acquire and release are balanced on every exit. No exploits are known in the wild.
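The acquire-then-check-then-forget-to-release shape described above, as an added illustration written for this page and not the kernel's own code: a user-space model of bdev_open_by_dev() with stand-in try_module_get()/module_put() helpers, a stand-in bdev_may_open() that refuses write opens of a restricted device, and a hypothetical driver module named example_blk. The leaky variant has the pre-fix shape; the fixed variant balances the reference on the error path, and the driver function counts how many references each variant leaves behind after a run of refused opens.

```c
/*
 * Added illustration of the CVE-2024-35859 bug pattern: a user-space model
 * of the bdev_open_by_dev() error path, NOT the kernel's code. The module
 * refcount, the bdev_may_open() outcome and the get/put helpers are all
 * stand-ins (assumptions) so the leak can be observed without a kernel.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for struct module: only the reference count matters here. */
struct module {
    const char *name;
    int refcnt;
};

/* Stand-ins for try_module_get()/module_put(): a plain counter. */
static bool try_module_get(struct module *m)
{
    m->refcnt++;
    return true;
}

static void module_put(struct module *m)
{
    m->refcnt--;
}

/* Stand-in block device whose driver lives in module `owner`.
 * `restrict_writes` models the condition under which bdev_may_open()
 * refuses the open (the device is mounted or held by a restricted writer). */
struct block_device {
    struct module *owner;
    bool restrict_writes;
};

#define BLK_OPEN_WRITE 0x2

/* Modelled bdev_may_open(): refuse a write open of a restricted device. */
static int bdev_may_open(struct block_device *bdev, unsigned int mode)
{
    if ((mode & BLK_OPEN_WRITE) && bdev->restrict_writes)
        return -EBUSY;
    return 0;
}

/* Pre-fix shape: the reference taken before bdev_may_open() is never
 * dropped when that check fails. */
static int bdev_open_leaky(struct block_device *bdev, unsigned int mode)
{
    int ret;

    if (!try_module_get(bdev->owner))
        return -ENXIO;

    ret = bdev_may_open(bdev, mode);
    if (ret)
        return ret;            /* BUG: refcnt stays incremented */

    /* The real open keeps the reference until release; modelled here
     * as releasing it immediately so a successful open is balanced. */
    module_put(bdev->owner);
    return 0;
}

/* Fixed shape: every exit after try_module_get() balances it. */
static int bdev_open_fixed(struct block_device *bdev, unsigned int mode)
{
    int ret;

    if (!try_module_get(bdev->owner))
        return -ENXIO;

    ret = bdev_may_open(bdev, mode);
    if (ret) {
        module_put(bdev->owner);   /* release on the error path */
        return ret;
    }

    module_put(bdev->owner);
    return 0;
}

/* Return code of one refused write open through the given variant. */
static int refused_open_status(int (*open_fn)(struct block_device *, unsigned int))
{
    struct module drv = { .name = "example_blk", .refcnt = 0 };
    struct block_device bdev = { .owner = &drv, .restrict_writes = true };

    return open_fn(&bdev, BLK_OPEN_WRITE);
}

/* Drive `attempts` refused opens through the given variant and report the
 * module refcount left behind: 0 means balanced, `attempts` means leaked. */
static int leaked_refs_after(int (*open_fn)(struct block_device *, unsigned int),
                             int attempts)
{
    struct module drv = { .name = "example_blk", .refcnt = 0 };
    struct block_device bdev = { .owner = &drv, .restrict_writes = true };

    for (int i = 0; i < attempts; i++)
        (void)open_fn(&bdev, BLK_OPEN_WRITE);  /* each call fails with -EBUSY */

    return drv.refcnt;
}

int main(void)
{
    printf("leaky: refcnt after 5 refused opens = %d\n",
           leaked_refs_after(bdev_open_leaky, 5));
    printf("fixed: refcnt after 5 refused opens = %d\n",
           leaked_refs_after(bdev_open_fixed, 5));
    return 0;
}
```

Build with `cc -Wall -o bdev_leak bdev_leak.c && ./bdev_leak`; the leaky variant reports a count equal to the number of refused opens, which is exactly the "Used by" number that would stop rmmod on a real driver.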

Potential Impact

For European organizations, this vulnerability primarily threatens availability rather than confidentiality or integrity, and the availability effect is narrower than a crash: each refused open pins the block driver's module, so the driver cannot be unloaded or reloaded until the host is rebooted. That matters most where block drivers are routinely unloaded or devices hot-unplugged, such as storage servers, database hosts and virtualization hosts, where a pinned driver can block maintenance and force an unplanned reboot. Cloud providers, financial institutions and public-sector bodies running affected kernels could therefore face maintenance disruption if the condition is triggered, deliberately or inadvertently. Triggering it requires local access with low privileges per the CVSS vector, and in practice permission to open the block device node at all, which limits exposure to insiders or to attackers who already have a foothold on the host. There is no remote path, so the risk from external attackers is low and the emphasis falls on internal access controls.

Mitigation Recommendations

To mitigate CVE-2024-35859, European organizations should update to a kernel that carries the fix (the patch titled "block: fix module reference leakage from bdev_open_by_dev error path", or its stable backport), testing and deploying promptly and prioritising hosts that handle critical block devices. Restrict who can open block device nodes: limit local accounts, keep device-node permissions and group membership (typically the disk group) tight, and use SELinux or AppArmor policy to confine which processes may open block devices for writing, since the leak is triggered by a refused open rather than by module loading or unloading. Module reference counts are not written to the kernel log; check them with lsmod or the third column of /proc/modules, and treat a block driver whose count climbs while the number of open devices does not, or an rmmod that reports the module in use with nothing open, as a sign that the error path is being hit. Code audits and static analysis rules that check every error exit after try_module_get() for a matching module_put() catch this class of bug before it ships. Finally, keep incident response plans ready for availability disruptions, bearing in mind that on an unpatched kernel a reboot is the only way to clear a pinned driver.
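One way to perform the reference-count check recommended above, added here as example code rather than anything from the page or the kernel: diff the "Used by" column of /proc/modules between a baseline and a snapshot taken after a workload. The two snapshots below are constructed text in /proc/modules format (name, size, refcount, dependents, state, address), and example_blk is a hypothetical block driver; on a real host you would read /proc/modules at both points instead.

```c
/*
 * Added example (not from the page or the kernel): detect a leaked module
 * reference by diffing the refcount column of /proc/modules between two
 * snapshots. The snapshot text is constructed to match the real format;
 * "example_blk" is a hypothetical driver used only for illustration.
 */
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64

/* Look up one module's reference count in a /proc/modules snapshot.
 * Each line reads: name size refcount dependents state address
 * Returns the refcount, or -1 if the module is not listed. */
static int module_refcount(const char *snapshot, const char *name)
{
    const char *p = snapshot;

    while (*p) {
        char mod[MAX_NAME];
        unsigned long size;
        int refs;

        if (sscanf(p, "%63s %lu %d", mod, &size, &refs) == 3 &&
            strcmp(mod, name) == 0)
            return refs;

        p = strchr(p, '\n');   /* advance to the next line */
        if (!p)
            break;
        p++;
    }
    return -1;
}

/* Refcount growth for `name` between two snapshots; 0 means no drift,
 * -1 means the module is missing from one of them. A positive value after
 * a workload whose opens all FAILED is the signature of a leak like
 * CVE-2024-35859: nothing holds the device, yet the driver stays pinned. */
static int refcount_drift(const char *before, const char *after,
                          const char *name)
{
    int b = module_refcount(before, name);
    int a = module_refcount(after, name);

    if (b < 0 || a < 0)
        return -1;
    return a - b;
}

/* Constructed snapshots (not captured from a real host). The refcount of
 * the hypothetical example_blk rises from 0 to 5 across a run of refused
 * write opens; the other two entries are unchanged. */
static const char *snap_before =
    "example_blk 16384 0 - Live 0xffffffffc0a00000\n"
    "nvme 61440 2 - Live 0xffffffffc0b00000\n"
    "nvme_core 139264 3 nvme, Live 0xffffffffc0c00000\n";

static const char *snap_after =
    "example_blk 16384 5 - Live 0xffffffffc0a00000\n"
    "nvme 61440 2 - Live 0xffffffffc0b00000\n"
    "nvme_core 139264 3 nvme, Live 0xffffffffc0c00000\n";

int main(void)
{
    const char *mods[] = { "example_blk", "nvme", "nvme_core" };

    for (size_t i = 0; i < sizeof(mods) / sizeof(mods[0]); i++) {
        int d = refcount_drift(snap_before, snap_after, mods[i]);
        printf("%-12s refcount drift: %+d%s\n", mods[i], d,
               d > 0 ? "  <-- possible leaked module_get()" : "");
    }
    return 0;
}
```

On a live system, replace the two string constants with the contents of /proc/modules read before and after the suspect workload (for example a loop of write opens against a mounted device that the kernel is configured to refuse); a driver that drifts upward with no open file descriptors on its devices is the one to inspect.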


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.106Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe36a5

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 4:42:21 PM

Last updated: 8/16/2025, 10:34:55 AM
