CVE-2024-35879: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

In the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()

During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2 ...

Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job.

In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals.
AI Analysis
Technical Summary
CVE-2024-35879 is a vulnerability identified in the Linux kernel related to the handling of device tree nodes and devlink removals during platform device depopulation and overlay removal processes. Specifically, the issue arises in the sequence of operations where of_platform_depopulate() is called to destroy devices and remove devlinks asynchronously via a workqueue job, followed by of_overlay_remove() which destroys Open Firmware (OF) nodes. The asynchronous nature of devlink removal causes a race condition where __of_changeset_entry_destroy() may trigger warnings about memory leaks due to incorrect reference counting of of_node structures. This occurs because of_node_put() is called too late, after the asynchronous devlink removal job completes, leading to potential resource leaks and instability. The fix involves synchronizing the of_changeset_destroy() function with devlink removals to ensure that all asynchronous removals complete before OF nodes are destroyed, preventing the reference count mismatch and associated warnings. This vulnerability is rooted in kernel memory management and device lifecycle synchronization, affecting Linux kernel versions identified by specific commit hashes. No known exploits are reported in the wild as of the publication date.
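The ordering problem described above can be reproduced deterministically in a small user-space model. This is an added example, not kernel code or the upstream patch: the struct, the job queue and every function name are hypothetical stand-ins, and the workqueue is modelled as a plain array that is drained on demand.

```c
/* Added user-space model, not kernel code: all names below are hypothetical. */
#include <stdio.h>

struct node { int refcount; };                 /* stands in for an of_node */

#define MAX_JOBS 8
static struct node *pending[MAX_JOBS];         /* deferred "release device" jobs */
static int n_pending;

/* Step 1 model: removing the devlink only queues the release; the
 * reference held on the node is dropped later, when the job runs. */
static void depopulate(struct node *n)
{
    if (n_pending < MAX_JOBS)
        pending[n_pending++] = n;
}

/* Workqueue model: run every queued job, dropping one reference each. */
static void flush_pending(void)
{
    for (int i = 0; i < n_pending; i++)
        pending[i]->refcount--;
    n_pending = 0;
}

/* Step 2 model: destroy expects to hold the last reference.
 * Returns the refcount it observed; anything other than 1 is the warning. */
static int changeset_destroy(struct node *n, int sync_first)
{
    if (sync_first)
        flush_pending();                       /* the fix: wait for removals */
    int seen = n->refcount;
    if (seen != 1)
        fprintf(stderr, "ERROR: memory leak, expected refcount 1 instead of %d\n", seen);
    return seen;
}

/* Runs steps 1 and 2 on a fresh node; the late job still runs afterwards. */
int run_sequence(int sync_first)
{
    struct node n = { .refcount = 2 };         /* overlay ref + device ref */
    depopulate(&n);
    int seen = changeset_destroy(&n, sync_first);
    flush_pending();                           /* late job: put arrives too late */
    return seen;
}

int main(void)
{
    printf("unsynchronized: destroy saw refcount %d\n", run_sequence(0));
    printf("synchronized:   destroy saw refcount %d\n", run_sequence(1));
    return 0;
}
```

In the unsynchronized run the reference is still dropped, only after the destroy step has already checked the count, which is the "too late" put the description refers to.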
Potential Impact
For European organizations, this vulnerability primarily affects systems running Linux kernels with the affected versions, particularly those using device trees and devlink interfaces common in embedded systems, networking equipment, and specialized hardware platforms. The impact is mainly on system stability and reliability due to potential memory leaks and improper device node cleanup, which could lead to resource exhaustion or kernel warnings that degrade system performance. While this vulnerability does not directly enable remote code execution or privilege escalation, the instability could be exploited indirectly by attackers to cause denial of service conditions or to aid in more complex attack chains. Organizations relying on Linux-based infrastructure in critical sectors such as telecommunications, industrial control systems, and cloud services could experience disruptions if the vulnerability is triggered under heavy device management operations. However, the lack of known exploits and the technical nature of the flaw suggest a lower immediate risk but a need for timely patching to maintain system integrity.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the patched versions that include the synchronization fix for of_changeset_destroy() and devlink removals. System administrators should audit their device tree usage and devlink configurations, especially in environments with dynamic device management or overlay operations. It is advisable to monitor kernel logs for warnings related to memory leaks or reference count mismatches as indicators of the issue. For embedded and networking device vendors, integrating the patch into firmware updates is critical. Additionally, organizations should implement rigorous testing of kernel updates in staging environments to ensure compatibility and stability before deployment. Employing kernel live patching solutions where feasible can reduce downtime during remediation. Finally, maintaining robust system monitoring and alerting for kernel anomalies will help detect any exploitation attempts or system degradation stemming from this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.111Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbddc8f
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:25:44 AM
Last updated: 7/29/2025, 4:07:32 AM