CVE-2024-35900: Vulnerability in the Linux kernel

Severity: High
Published: Sun May 19 2024 (05/19/2024, 08:34:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject new basechain after table flag update

When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new).

The following configuration allows for an inconsistent state:

  add table x
  add chain x y { type filter hook input priority 0; }
  add table x { flags dormant; }
  add chain x w { type filter hook input priority 1; }

which triggers the following warning when trying to unregister chain w which is already unregistered.

  [ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260
  [...]
  [ 127.322519] Call Trace:
  [ 127.322521]  <TASK>
  [ 127.322524]  ? __warn+0x9f/0x1a0
  [ 127.322531]  ? __nf_unregister_net_hook+0x21a/0x260
  [ 127.322537]  ? report_bug+0x1b1/0x1e0
  [ 127.322545]  ? handle_bug+0x3c/0x70
  [ 127.322552]  ? exc_invalid_op+0x17/0x40
  [ 127.322556]  ? asm_exc_invalid_op+0x1a/0x20
  [ 127.322563]  ? kasan_save_free_info+0x3b/0x60
  [ 127.322570]  ? __nf_unregister_net_hook+0x6a/0x260
  [ 127.322577]  ? __nf_unregister_net_hook+0x21a/0x260
  [ 127.322583]  ? __nf_unregister_net_hook+0x6a/0x260
  [ 127.322590]  ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]
  [ 127.322655]  nft_table_disable+0x75/0xf0 [nf_tables]
  [ 127.322717]  nf_tables_commit+0x2571/0x2620 [nf_tables]

AI-Powered Analysis

Last updated: 06/29/2025, 07:56:48 UTC

Technical Analysis

CVE-2024-35900 is a vulnerability in the Linux kernel's netfilter subsystem, specifically in the nf_tables component responsible for packet filtering and firewall functionality. The issue arises when the 'dormant' flag is toggled on a table: hooks are disabled during the commit phase by iterating over the current chains in the table, including both existing and newly added chains. The vulnerability manifests when a specific sequence of commands is executed: adding a table, adding a chain with a filter hook, setting the table's dormant flag, and then adding another chain with a filter hook at a different priority. This sequence leads to an inconsistent internal state in which a chain (e.g., chain 'w') that is already unregistered is unregistered again, triggering kernel warnings and potentially causing instability. The kernel warning logs show repeated calls to __nf_unregister_net_hook and related functions, indicating improper handling of netfilter hooks during state transitions. While no exploits in the wild are currently known, the inconsistent state could lead to denial of service (DoS) by crashing or destabilizing the kernel, or potentially enable privilege escalation if exploited in conjunction with other vulnerabilities. The vulnerability affects multiple recent Linux kernel versions, as indicated by the affected commit hashes, and was publicly disclosed on May 19, 2024. No CVSS score has been assigned yet, but the issue is recognized and patched by the Linux kernel maintainers.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected nf_tables implementation, which is widely used in servers, network appliances, and cloud infrastructure. The netfilter subsystem is critical for firewalling and network traffic filtering; thus, exploitation or triggering of this vulnerability could lead to kernel instability or crashes, resulting in denial of service. This could disrupt critical services, especially in sectors relying heavily on Linux-based infrastructure such as finance, telecommunications, government, and cloud service providers. While there is no evidence of active exploitation, the potential for kernel panic or system crashes could be leveraged by attackers to cause outages or as part of a multi-stage attack to gain elevated privileges. Given the widespread use of Linux in European data centers and enterprise environments, the impact could be significant if unpatched systems are targeted. Additionally, the vulnerability could affect embedded Linux devices used in industrial control systems or network equipment, potentially impacting operational technology environments.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel versions to the latest patched releases that address CVE-2024-35900. Since the vulnerability involves the nf_tables subsystem, administrators should audit firewall and netfilter configurations to avoid complex or unusual table and chain manipulations that toggle the dormant flag unnecessarily. Network administrators should implement strict change management and monitoring around netfilter configurations to detect anomalous or unauthorized modifications that could trigger the inconsistent state. For environments where immediate kernel upgrades are not feasible, consider isolating vulnerable systems from untrusted networks to reduce exposure. Additionally, enabling kernel crash dumps and monitoring kernel logs for warnings related to __nf_unregister_net_hook can help detect attempts to trigger the vulnerability. Security teams should also review and harden access controls to limit who can modify netfilter configurations, as exploitation requires the ability to manipulate firewall rules. Finally, maintain close coordination with Linux kernel security advisories and apply patches promptly once available.
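As an added illustration of the kernel-log monitoring suggested above (this is not code from the advisory or from the kernel project), the following Python script parses dmesg-style output, groups each WARNING line with the call trace that follows it, and flags warnings raised in __nf_unregister_net_hook that were reached through nft_table_disable during nf_tables_commit. The sample log is constructed from the trace quoted in the description and is not a real capture.

```python
import re

# Constructed dmesg sample modelled on the trace in the CVE description
# (not a real capture); the last line is unrelated noise.
SAMPLE_DMESG = """\
[  127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260
[  127.322519] Call Trace:
[  127.322521]  <TASK>
[  127.322524]  ? __warn+0x9f/0x1a0
[  127.322531]  ? __nf_unregister_net_hook+0x21a/0x260
[  127.322655]  nft_table_disable+0x75/0xf0 [nf_tables]
[  127.322717]  nf_tables_commit+0x2571/0x2620 [nf_tables]
[  127.322800]  </TASK>
[  130.000000] usb 1-1: new high-speed USB device number 2
"""

# WARNING header: timestamp, CPU, PID, source location and faulting function.
WARN_RE = re.compile(
    r"^\[\s*(?P<ts>[\d.]+)\]\s+WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) "
    r"at (?P<site>\S+) (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# One call-trace frame; the optional "?" marks an unreliable frame.
FRAME_RE = re.compile(r"^\[\s*[\d.]+\]\s+(?:\?\s+)?(?P<func>\w+)\+0x[0-9a-f]+/")

def parse_warnings(text):
    """Yield one dict per WARNING block, collecting frames up to </TASK>."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        m = WARN_RE.match(lines[i])
        i += 1
        if not m:
            continue
        frames = []
        while i < len(lines) and "</TASK>" not in lines[i]:
            f = FRAME_RE.match(lines[i])
            if f:
                frames.append(f.group("func"))
            i += 1
        yield {"ts": float(m["ts"]), "cpu": int(m["cpu"]), "pid": int(m["pid"]),
               "site": m["site"], "func": m["func"], "frames": frames}

def is_cve_2024_35900_signature(w):
    """Warning in __nf_unregister_net_hook (net/netfilter/core.c) reached via
    nft_table_disable inside nf_tables_commit: the dormant-flag commit path."""
    return (w["func"] == "__nf_unregister_net_hook"
            and w["site"].startswith("net/netfilter/core.c")
            and "nft_table_disable" in w["frames"]
            and "nf_tables_commit" in w["frames"])

def find_suspicious(text):
    return [w for w in parse_warnings(text) if is_cve_2024_35900_signature(w)]
```

Feed it the output of `dmesg` or `journalctl -k` and alert on a non-empty result; a matching block on a patched kernel still deserves a look, since the same call path should no longer warn.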

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.114Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe2117

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 7:56:48 AM

Last updated: 8/11/2025, 1:19:50 PM
