CVE-2024-35885: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" command. The mlxbf_driver will experience an exception right after executing its shutdown() method. One example of this exception is: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000 [0000000000000070] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] SMP CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S OE 5.15.0-bf.6.gef6992a #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023 pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] lr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] sp : ffff8000080d3c10 x29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58 x26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008 x23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128 x20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff x17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7 x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101 x11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404 x8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080 x5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] __napi_poll+0x40/0x1c8 net_rx_action+0x314/0x3a0 __do_softirq+0x128/0x334 run_ksoftirqd+0x54/0x6c smpboot_thread_fn+0x14c/0x190 kthread+0x10c/0x110 ret_from_fork+0x10/0x20 Code: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002) ---[ end trace 7cc3941aa0d8e6a4 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x4ce722520000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x000005c1,a3330e5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- During system shutdown, the mlxbf_gige driver's shutdown() is always executed. However, the driver's stop() method will only execute if networking interface configuration logic within the Linux distribution has been setup to do so. If shutdown() executes but stop() does not execute, NAPI remains enabled and this can lead to an exception if NAPI is scheduled while the hardware interface has only been partially deinitialized. The networking interface managed by the mlxbf_gige driver must be properly stopped during system shutdown so that IFF_UP is cleared, the hardware interface is put into a clean state, and NAPI is fully deinitialized.
AI Analysis
Technical Summary
CVE-2024-35885 is a vulnerability in the Linux kernel specifically affecting the mlxbf_gige network driver, which is used for managing Ethernet interfaces on Mellanox BlueField SoC hardware. The issue arises during system shutdown sequences initiated by the "reboot" command. The vulnerability manifests as a NULL pointer dereference exception occurring intermittently when the mlxbf_gige driver's shutdown() method is executed but its stop() method is not called. This incomplete shutdown sequence leaves the NAPI (New API) networking subsystem enabled while the hardware interface is only partially deinitialized. Consequently, if NAPI is scheduled to run during this state, it attempts to access invalid memory, leading to a kernel panic and system crash. The root cause is that the stop() method, which properly disables the network interface and clears the IFF_UP flag, is dependent on the Linux distribution's networking interface configuration logic and may not always be invoked during shutdown. The vulnerability is evidenced by kernel oops logs showing a NULL pointer dereference at a low virtual address, with detailed tracebacks pointing to mlxbf_gige_handle_tx_complete and mlxbf_gige_poll functions. This flaw affects Linux kernel versions including commit f92e1869d74e1acc6551256eb084a1c14a054e19 and is specific to systems running Mellanox BlueField SoC hardware. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is critical because it can cause a kernel panic during shutdown, potentially leading to data loss or system unavailability.
Potential Impact
For European organizations, especially those utilizing Linux servers or appliances with Mellanox BlueField SoC network interfaces, this vulnerability poses a risk of unexpected system crashes during shutdown or reboot operations. This can disrupt maintenance activities, automated reboot cycles, or updates requiring system restarts. In data centers or cloud environments where uptime and reliability are paramount, repeated kernel panics can lead to service interruptions, impacting business continuity and potentially causing data corruption if shutdown sequences are interrupted. Organizations relying on network appliances or embedded systems with this hardware may face operational instability. Although the vulnerability does not directly enable remote code execution or privilege escalation, the denial-of-service impact on critical infrastructure could be significant. Additionally, since the issue depends on the Linux distribution's network interface shutdown logic, some environments may be more vulnerable than others, complicating risk assessments. The lack of a known exploit in the wild reduces immediate risk, but the potential for accidental or triggered crashes during routine operations remains a concern.
Mitigation Recommendations
To mitigate CVE-2024-35885, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distribution vendors. 2) Review and, if necessary, customize the network interface shutdown scripts and configuration to ensure that the mlxbf_gige driver's stop() method is reliably invoked during system shutdown and reboot sequences. This may involve auditing systemd network service units or legacy init scripts to confirm proper interface teardown. 3) Implement monitoring for kernel oops and panic logs to detect early signs of this issue in production environments. 4) For critical systems, consider scheduling reboots during maintenance windows with manual oversight to quickly respond to any shutdown failures. 5) Engage with hardware and Linux distribution vendors for guidance and firmware updates related to Mellanox BlueField SoC devices. 6) Where feasible, isolate affected hardware from critical workloads until patched to minimize impact. 7) Test shutdown and reboot procedures in staging environments to verify that the network interface is cleanly stopped and no kernel panics occur.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
CVE-2024-35885: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" command. The mlxbf_driver will experience an exception right after executing its shutdown() method. One example of this exception is: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000 [0000000000000070] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] SMP CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S OE 5.15.0-bf.6.gef6992a #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023 pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] lr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] sp : ffff8000080d3c10 x29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58 x26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008 x23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128 x20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff x17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7 x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101 x11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404 x8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080 x5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] __napi_poll+0x40/0x1c8 net_rx_action+0x314/0x3a0 __do_softirq+0x128/0x334 run_ksoftirqd+0x54/0x6c smpboot_thread_fn+0x14c/0x190 kthread+0x10c/0x110 ret_from_fork+0x10/0x20 Code: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002) ---[ end trace 7cc3941aa0d8e6a4 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x4ce722520000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x000005c1,a3330e5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- During system shutdown, the mlxbf_gige driver's shutdown() is always executed. However, the driver's stop() method will only execute if networking interface configuration logic within the Linux distribution has been setup to do so. If shutdown() executes but stop() does not execute, NAPI remains enabled and this can lead to an exception if NAPI is scheduled while the hardware interface has only been partially deinitialized. The networking interface managed by the mlxbf_gige driver must be properly stopped during system shutdown so that IFF_UP is cleared, the hardware interface is put into a clean state, and NAPI is fully deinitialized.
AI-Powered Analysis
Technical Analysis
CVE-2024-35885 is a vulnerability in the Linux kernel specifically affecting the mlxbf_gige network driver, which is used for managing Ethernet interfaces on Mellanox BlueField SoC hardware. The issue arises during system shutdown sequences initiated by the "reboot" command. The vulnerability manifests as a NULL pointer dereference exception occurring intermittently when the mlxbf_gige driver's shutdown() method is executed but its stop() method is not called. This incomplete shutdown sequence leaves the NAPI (New API) networking subsystem enabled while the hardware interface is only partially deinitialized. Consequently, if NAPI is scheduled to run during this state, it attempts to access invalid memory, leading to a kernel panic and system crash. The root cause is that the stop() method, which properly disables the network interface and clears the IFF_UP flag, is dependent on the Linux distribution's networking interface configuration logic and may not always be invoked during shutdown. The vulnerability is evidenced by kernel oops logs showing a NULL pointer dereference at a low virtual address, with detailed tracebacks pointing to mlxbf_gige_handle_tx_complete and mlxbf_gige_poll functions. This flaw affects Linux kernel versions including commit f92e1869d74e1acc6551256eb084a1c14a054e19 and is specific to systems running Mellanox BlueField SoC hardware. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is critical because it can cause a kernel panic during shutdown, potentially leading to data loss or system unavailability.
Potential Impact
For European organizations, especially those utilizing Linux servers or appliances with Mellanox BlueField SoC network interfaces, this vulnerability poses a risk of unexpected system crashes during shutdown or reboot operations. This can disrupt maintenance activities, automated reboot cycles, or updates requiring system restarts. In data centers or cloud environments where uptime and reliability are paramount, repeated kernel panics can lead to service interruptions, impacting business continuity and potentially causing data corruption if shutdown sequences are interrupted. Organizations relying on network appliances or embedded systems with this hardware may face operational instability. Although the vulnerability does not directly enable remote code execution or privilege escalation, the denial-of-service impact on critical infrastructure could be significant. Additionally, since the issue depends on the Linux distribution's network interface shutdown logic, some environments may be more vulnerable than others, complicating risk assessments. The lack of a known exploit in the wild reduces immediate risk, but the potential for accidental or triggered crashes during routine operations remains a concern.
Mitigation Recommendations
To mitigate CVE-2024-35885, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distribution vendors. 2) Review and, if necessary, customize the network interface shutdown scripts and configuration to ensure that the mlxbf_gige driver's stop() method is reliably invoked during system shutdown and reboot sequences. This may involve auditing systemd network service units or legacy init scripts to confirm proper interface teardown. 3) Implement monitoring for kernel oops and panic logs to detect early signs of this issue in production environments. 4) For critical systems, consider scheduling reboots during maintenance windows with manual oversight to quickly respond to any shutdown failures. 5) Engage with hardware and Linux distribution vendors for guidance and firmware updates related to Mellanox BlueField SoC devices. 6) Where feasible, isolate affected hardware from critical workloads until patched to minimize impact. 7) Test shutdown and reboot procedures in staging environments to verify that the network interface is cleanly stopped and no kernel panics occur.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.112Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe379d
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 5:09:43 PM
Last updated: 7/30/2025, 10:15:44 AM
Views: 14
Related Threats
CVE-2025-8066: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in Bunkerity Bunker Web
MediumCVE-2025-49898: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Xolluteon Dropshix
MediumCVE-2025-55207: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in withastro astro
MediumCVE-2025-49897: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in gopiplus Vertical scroll slideshow gallery v2
HighCVE-2025-49432: CWE-862 Missing Authorization in FWDesign Ultimate Video Player
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.