
CVE-2024-35878: Vulnerability in Linux

Medium
Published: Sun May 19 2024 (05/19/2024, 08:34:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

of: module: prevent NULL pointer dereference in vsnprintf()

In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr when the length is also 0. Also, we need to filter out the negative values of the len parameter as these will result in a really huge buffer since snprintf() takes size_t parameter while ours is ssize_t...

Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.

AI-Powered Analysis

Last updated: 06/29/2025, 16:57:34 UTC

Technical Analysis

CVE-2024-35878 is a medium-severity vulnerability identified in the Linux kernel, specifically within the device tree subsystem's of_modalias() function. The issue arises from improper handling of the 'str' and 'len' parameters passed to the vsnprintf() function. vsnprintf() expects that if a NULL pointer is passed for the string buffer, the length parameter must be zero. However, in this vulnerability, a NULL pointer can be passed with a non-zero length, leading to a NULL pointer dereference and causing a kernel oops (crash). Additionally, negative values for the 'len' parameter are not properly filtered out. Since snprintf() uses an unsigned size_t for the buffer size, negative ssize_t values can be interpreted as very large positive numbers, potentially causing buffer overflows or excessive memory allocation attempts.

This vulnerability is categorized under CWE-476 (NULL Pointer Dereference) and was discovered using static analysis tools by the Linux Verification Center. The flaw affects certain Linux kernel versions identified by specific commit hashes.

Exploitation does not require privileges or user interaction, and the vulnerability can be triggered remotely over the network if the affected kernel is exposed. The CVSS v3.1 base score is 5.3, indicating a medium severity primarily due to its impact on availability (kernel crash) without compromising confidentiality or integrity. No known exploits are currently in the wild, and no patches are linked in the provided data, but it is expected that kernel maintainers will release fixes promptly given the nature of the flaw.
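The parameter contract described above, as an added userspace C example (not the kernel's code or the upstream patch). `as_callee_size`, `modalias_format` and the `of:N...C...` string it builds are constructed stand-ins; libc `snprintf()` plays the role of the kernel's vsnprintf().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* What a size_t-taking callee sees when it is handed a signed length. */
static size_t as_callee_size(ssize_t len)
{
    return (size_t)len;              /* -1 wraps to SIZE_MAX */
}

/*
 * Hypothetical formatter with the same (str, len) shape as of_modalias().
 * Contract: str may be NULL only when len == 0 (a "how long would it be?"
 * query). Returns the length the full string needs, or -EINVAL.
 */
static ssize_t modalias_format(const char *compat, char *str, ssize_t len)
{
    /* Reject NULL with a positive length, and any negative length,
     * before the value ever reaches a size_t parameter. */
    if ((len > 0 && !str) || len < 0)
        return -EINVAL;

    /* "node" is a constructed device-node name. */
    return (ssize_t)snprintf(str, (size_t)len, "of:N%sC%s", "node", compat);
}

int main(void)
{
    char buf[8];

    printf("(size_t)-1        = %zu\n", as_callee_size(-1));
    printf("NULL, len 16      -> %zd\n", modalias_format("vendor,dev", NULL, 16));
    printf("buf,  len -1      -> %zd\n", modalias_format("vendor,dev", buf, -1));
    printf("NULL, len 0       -> %zd\n", modalias_format("vendor,dev", NULL, 0));
    printf("buf,  len 8       -> %zd (\"%s\")\n",
           modalias_format("vendor,dev", buf, (ssize_t)sizeof(buf)), buf);
    return 0;
}
```

Without the guard, the first two calls are the cases the description names: a NULL buffer written through with a non-zero size, and a size that the callee reads as `SIZE_MAX`.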

Potential Impact

For European organizations relying on Linux-based systems, this vulnerability poses a risk of denial-of-service (DoS) conditions due to kernel crashes triggered by crafted inputs to the device tree subsystem. This can affect servers, embedded devices, and network infrastructure running vulnerable Linux kernels. The impact is primarily on availability, potentially disrupting critical services, industrial control systems, or cloud environments. Since the vulnerability does not allow privilege escalation or data leakage, confidentiality and integrity impacts are minimal. However, the ease of triggering a kernel oops without authentication or user interaction means attackers could remotely cause service interruptions. Organizations in sectors such as telecommunications, manufacturing, finance, and government—where Linux is widely deployed—may face operational disruptions. The lack of known exploits reduces immediate risk, but the medium severity and potential for DoS warrant timely mitigation to maintain service continuity and system stability.

Mitigation Recommendations

European organizations should promptly identify Linux systems running affected kernel versions by checking kernel commit hashes or version numbers once detailed advisories are available. Applying official kernel patches or updates from trusted Linux distributions is the primary mitigation. In environments where immediate patching is not feasible, organizations should implement network-level protections such as firewall rules or intrusion prevention systems to block malformed packets or inputs targeting the device tree subsystem. Monitoring kernel logs for oops or crash signatures can help detect exploitation attempts early. Additionally, employing kernel hardening techniques like kernel lockdown features, seccomp filters, or running critical services in containers or virtual machines can reduce the blast radius of potential crashes. Coordination with Linux vendors and subscribing to security mailing lists will ensure timely awareness of patches and advisories. Finally, testing patches in staging environments before production deployment is recommended to avoid unintended disruptions.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.110Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe3757

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 4:57:34 PM

Last updated: 8/12/2025, 3:02:41 AM
