CVE-2024-35887: Vulnerability in Linux Linux

High
Published: Sun May 19 2024 (05/19/2024, 08:34:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below:

      (Thread 1)          |      (Thread 2)
                          | ax25_ds_timeout()
ax25_dev_device_down()    |
  ax25_ds_del_timer()     |
    del_timer()           |
  ax25_dev_put() //FREE   |
                          |  ax25_dev-> //USE

In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer.

AI-Powered Analysis

Last updated: 06/29/2025, 17:10:20 UTC

Technical Analysis

CVE-2024-35887 is a use-after-free vulnerability identified in the Linux kernel's AX.25 protocol implementation, specifically related to the handling of timers during device detachment. The AX.25 protocol is primarily used in amateur radio packet communications, and the vulnerability arises in the function ax25_ds_del_timer(), which is responsible for deleting a timer associated with the AX.25 device. The issue occurs when ax25_dev_device_down() initiates device detachment and calls ax25_ds_del_timer() to clean up the slave_timer. If the timer handler (ax25_ds_timeout()) is concurrently running, ax25_ds_del_timer() calls del_timer() but returns immediately without ensuring the timer handler has completed. This race condition can lead to a use-after-free scenario where one thread frees the device structure (ax25_dev_put()) while another thread is still accessing it, resulting in potential memory corruption or kernel crashes.

The fix involves replacing del_timer() with timer_shutdown_sync() during device detachment to synchronously stop the timer and prevent concurrent access. This vulnerability is rooted in improper synchronization of timer deletion and device resource cleanup, which can be exploited to cause denial of service or potentially escalate privileges by destabilizing kernel memory management.

Although no known exploits are reported in the wild, the vulnerability affects the Linux kernel source versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and requires patching to prevent exploitation. The vulnerability does not have an assigned CVSS score but is recognized by CISA and the Linux security community.

Potential Impact

For European organizations, the impact of CVE-2024-35887 depends on their use of Linux systems running kernel versions containing the vulnerable AX.25 implementation. While AX.25 is niche and primarily used in amateur radio and specialized communication systems, organizations involved in research, telecommunications, or critical infrastructure that utilize Linux-based radio communication stacks could be at risk. Exploitation could lead to kernel crashes causing denial of service, disrupting operations and potentially affecting availability of critical systems. In environments where Linux is used as a base for embedded systems or network devices supporting AX.25, this vulnerability could be leveraged to destabilize devices, leading to operational outages. Although the vulnerability requires local code execution or access to the AX.25 device interface, it could be chained with other vulnerabilities for privilege escalation or persistent denial of service. European organizations with regulatory requirements for system availability and integrity, such as those in energy, transportation, or emergency services, should consider this vulnerability significant despite its limited attack surface. The absence of known exploits reduces immediate risk but does not eliminate the need for timely remediation to maintain system security and stability.

Mitigation Recommendations

To mitigate CVE-2024-35887, European organizations should:

1) Identify Linux systems running kernel versions containing the vulnerable AX.25 implementation, especially those used in telecommunications, embedded systems, or specialized communication roles.
2) Apply the official Linux kernel patches that replace del_timer() with timer_shutdown_sync() in the ax25_ds_del_timer() function to ensure proper synchronization during device detachment.
3) If immediate patching is not feasible, consider disabling the AX.25 protocol module if it is not required, reducing the attack surface.
4) Monitor system logs and kernel messages for signs of use-after-free or kernel crashes related to AX.25 timers to detect potential exploitation attempts.
5) Implement strict access controls to limit user or process access to AX.25 device interfaces, minimizing the risk of local exploitation.
6) Incorporate this vulnerability into vulnerability management and patching workflows to ensure timely updates.
7) For critical infrastructure, conduct targeted testing to verify that patched kernels handle AX.25 device detachment safely without regression.

These steps go beyond generic advice by focusing on the specific protocol and kernel functions involved, emphasizing the importance of synchronization primitives and access restrictions in mitigating this vulnerability.
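Steps 1, 3 and 4 can be checked from a shell. The following is an added example, not part of the advisory or of any vendor tooling: ax25_state reports whether the ax25 module is loaded, built in, blocked by a modprobe install rule, or still loadable, and ax25_uaf_reports extracts crash-report headers from a kernel log that implicate the AX.25 timer or detach functions named above. The function names, the use of an "install ax25 /bin/false" rule as the blocking convention, and the sample log are assumptions made for this example.

```shell
#!/bin/sh
# Added example. With no arguments the functions read the live system;
# pass file paths to run them against copies (the sample data is constructed).

# ax25_state [MODULES] [BUILTIN] [CONFDIR] -> loaded|builtin|blocked|loadable
ax25_state() {
    modules=${1:-/proc/modules}
    builtin=${2:-/lib/modules/$(uname -r)/modules.builtin}
    confdir=${3:-/etc/modprobe.d}
    if grep -q '^ax25 ' "$modules" 2>/dev/null; then
        echo loaded     # AX.25 code is live: needs a fixed kernel
    elif grep -q '/ax25\.ko' "$builtin" 2>/dev/null; then
        echo builtin    # compiled in: only a patched kernel helps
    elif cat "$confdir"/*.conf 2>/dev/null |
         grep -Eq '^[[:space:]]*install[[:space:]]+ax25[[:space:]]+/bin/(false|true)'; then
        echo blocked    # modprobe runs /bin/false instead of loading it
    else
        echo loadable   # not loaded now, but nothing stops a later load
    fi
}

# ax25_uaf_reports [LOG] -> crash-report header lines (KASAN, oops, GPF) that
# name an AX.25 timer/detach function in the header or the next 40 lines.
ax25_uaf_reports() {
    awk '
        /BUG: KASAN:|BUG: unable to handle|general protection fault/ {
            hdr = $0; left = 40
            if (hdr ~ /ax25_/) { print hdr; hdr = "" }
            next
        }
        hdr != "" && left-- > 0 &&
        /ax25_(ds_timeout|ds_del_timer|dev_device_down|dev_put)/ { print hdr; hdr = "" }
    ' "${1:--}"
}

# Constructed kernel-log excerpt; addresses, offsets and timestamps are made up.
sample_log() {
    cat <<'EOF'
[  812.100001] BUG: KASAN: slab-use-after-free in ax25_ds_timeout+0x5c/0x1a0
[  812.100002] Call Trace:
[  812.100003]  ax25_ds_timeout+0x5c/0x1a0
[  812.100004]  call_timer_fn+0x2b/0x1f0
[  990.200001] BUG: KASAN: slab-use-after-free in tcp_retransmit_timer+0x10/0x80
[  990.200002]  tcp_retransmit_timer+0x10/0x80
EOF
}

echo "ax25 module state: $(ax25_state)"
sample_log | ax25_uaf_reports
```

On a live host, pipe `dmesg` or `journalctl -k` into ax25_uaf_reports. KASAN lines appear only on kernels built with KASAN, so on production kernels expect oops or general-protection-fault headers instead.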

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.112Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe37ac

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 5:10:20 PM

Last updated: 7/31/2025, 10:16:25 AM
