CVE-2024-35903: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

x86/bpf: Fix IP after emitting call depth accounting

Adjust the IP passed to `emit_patch` so it calculates the correct offset for the CALL instruction if `x86_call_depth_emit_accounting` emits code. Otherwise we will skip some instructions and most likely crash.
AI Analysis
Technical Summary
CVE-2024-35903 is a medium-severity vulnerability in the Linux kernel's x86 BPF just-in-time (JIT) compiler. When x86_call_depth_emit_accounting emits call depth accounting code ahead of a CALL instruction, the instruction pointer (IP) passed to emit_patch was not advanced past that code, so the relative offset encoded in the CALL is calculated from the wrong address. The emitted CALL then skips instructions and most likely crashes the kernel. The flaw sits in the JIT's handling of BPF call instructions; BPF lets user-defined programs run inside the kernel, so a mis-encoded call executes invalid instructions or jumps incorrectly, and the result is a denial of service through system instability or a crash.

Exploitation requires local access with low privileges, low complexity and no user interaction (AV:L/AC:L/PR:L/UI:N): a user with limited local access can trigger the issue. Confidentiality and integrity are not directly affected, since the flaw does not allow code execution or privilege escalation, but availability is severely affected by the kernel crashes. The CVSS score of 5.5 (medium) reflects that availability impact together with the local-access and privilege requirements.

The vulnerability has been fixed in recent Linux kernel versions; the affected versions are identified by specific commit hashes, so the issue is present in kernel builds prior to the fix. No exploits are currently reported in the wild.
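The following C program is an added illustration written for this page, not the kernel's code: a toy model of a JIT emitter that places an accounting stub in front of a rel32 CALL and then encodes the CALL either from the original IP (the bug) or from the IP advanced by the stub's length (the fix). IMAGE_BASE, ACCOUNTING_LEN and the NOP-filled stub are assumptions chosen for the illustration; the real stub and image address vary. Decoding the emitted CALL shows that the unfixed variant sends control ACCOUNTING_LEN bytes past the intended target, which is the "skipped instructions" the description refers to.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy model of an x86-64 JIT emitter for this page; it is not
 * the kernel's code. Addresses are simulated, nothing here is executed. */

#define IMAGE_BASE     0x1000u  /* assumed runtime address of the JITed image */
#define CALL_LEN       5        /* E8 rel32 */
#define ACCOUNTING_LEN 7        /* assumed length of the accounting stub */

static uint8_t image[64];       /* JIT output buffer */

/* Stand-in for x86_call_depth_emit_accounting(): when the mitigation is
 * enabled it places a stub in front of the CALL (modelled as NOPs here).
 * Returns the number of bytes emitted, which is what the caller's IP must
 * be advanced by. */
static size_t emit_accounting_stub(uint8_t **pprog, int enabled)
{
    if (!enabled)
        return 0;
    memset(*pprog, 0x90, ACCOUNTING_LEN);
    *pprog += ACCOUNTING_LEN;
    return ACCOUNTING_LEN;
}

/* Stand-in for emit_patch() with opcode E8: rel32 is measured from the end
 * of the CALL, so it is only correct if ip is where the CALL really lands. */
static void emit_call(uint8_t **pprog, uintptr_t target, uintptr_t ip)
{
    int32_t rel = (int32_t)((int64_t)target - (int64_t)(ip + CALL_LEN));
    uint8_t *p = *pprog;

    p[0] = 0xE8;
    memcpy(p + 1, &rel, sizeof rel); /* x86 stores rel32 little-endian */
    *pprog = p + CALL_LEN;
}

/* Decode an emitted CALL: the address the CPU would actually transfer to,
 * given the address at which the CALL opcode byte sits. */
static uintptr_t resolve_call(const uint8_t *call_at, uintptr_t call_ip)
{
    int32_t rel;

    memcpy(&rel, call_at + 1, sizeof rel);
    return (uintptr_t)((int64_t)call_ip + CALL_LEN + rel);
}

/* Emit stub + CALL at the start of the image, with or without advancing the
 * IP by the stub length, and return where the emitted CALL really points. */
uintptr_t emit_and_resolve(uintptr_t target, int accounting_enabled, int apply_fix)
{
    uint8_t *prog = image;
    uintptr_t ip = IMAGE_BASE;  /* IP of the first byte we are about to emit */
    uint8_t *call_at;
    size_t n;

    n = emit_accounting_stub(&prog, accounting_enabled);
    if (apply_fix)
        ip += n;                /* the fix: the CALL now sits n bytes later */

    call_at = prog;
    emit_call(&prog, target, ip);

    /* The CALL's true runtime address follows from its offset in the image. */
    return resolve_call(call_at, IMAGE_BASE + (uintptr_t)(call_at - image));
}

int main(void)
{
    uintptr_t target = 0x2000;

    printf("intended target          : 0x%lx\n", (unsigned long)target);
    printf("no accounting            : 0x%lx\n",
           (unsigned long)emit_and_resolve(target, 0, 0));
    printf("accounting, IP not fixed : 0x%lx\n",
           (unsigned long)emit_and_resolve(target, 1, 0));
    printf("accounting, IP fixed     : 0x%lx\n",
           (unsigned long)emit_and_resolve(target, 1, 1));
    return 0;
}
```

The displacement is relative to the byte after the CALL, so any bytes emitted between the IP the encoder was told about and the CALL's real position shift the resolved target by exactly that many bytes, whether the target lies before or after the call site.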
Potential Impact
For European organizations, the primary impact of CVE-2024-35903 is the potential for denial of service (DoS) conditions on Linux systems running vulnerable kernel versions. This can disrupt critical services, especially in environments relying heavily on Linux servers, such as web hosting, cloud infrastructure, telecommunications, and industrial control systems. Since the vulnerability requires local access with some privileges, insider threats or compromised user accounts could exploit this flaw to cause system instability or crashes, leading to downtime and potential operational disruptions. The lack of impact on confidentiality and integrity reduces the risk of data breaches or unauthorized data manipulation. However, availability disruptions can have cascading effects, including loss of productivity, service outages, and potential financial losses. Organizations with high availability requirements, such as financial institutions, healthcare providers, and government agencies, may face significant operational risks if this vulnerability is exploited. Additionally, the vulnerability affects the BPF subsystem, which is increasingly used for advanced networking and security monitoring; thus, its exploitation could impair these functions, reducing visibility and control over network traffic.
Mitigation Recommendations
To mitigate CVE-2024-35903, European organizations should prioritize updating their Linux kernels to the latest patched versions that address this vulnerability. Kernel upgrades should be tested in staging environments to ensure compatibility with existing applications and services. Organizations should implement strict access controls to limit local user privileges, minimizing the number of users who can exploit this vulnerability. Employing mandatory access control frameworks such as SELinux or AppArmor can further restrict the ability of users to execute arbitrary BPF programs or perform kernel-level operations. Monitoring and auditing local user activities can help detect attempts to exploit the vulnerability. Additionally, organizations should consider disabling or restricting BPF usage where it is not essential, as this reduces the attack surface. For environments where kernel updates are delayed, applying temporary workarounds such as limiting access to vulnerable systems or isolating them within network segments can reduce risk. Finally, maintaining an up-to-date inventory of Linux kernel versions deployed across the organization will facilitate rapid identification and remediation of vulnerable systems.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.115Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2127
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 7:57:07 AM
Last updated: 7/27/2025, 1:49:12 AM