CVE-2024-35911: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ice: fix memory corruption bug with suspend and rebuild

The ice driver would previously panic after suspend. This is caused from the driver *only* calling the ice_vsi_free_q_vectors() function by itself, when it is suspending. Since commit b3e7b3a6ee92 ("ice: prevent NULL pointer deref during reload") the driver has zeroed out num_q_vectors, and only restored it in ice_vsi_cfg_def().

This further causes the ice_rebuild() function to allocate a zero length buffer, after which num_q_vectors is updated, and then the new value of num_q_vectors is used to index into the zero length buffer, which corrupts memory.

The fix entails making sure all the code referencing num_q_vectors only does so after it has been reset via ice_vsi_cfg_def().

I didn't perform a full bisect, but I was able to test against 6.1.77 kernel and that ice driver works fine for suspend/resume with no panic, so sometime since then, this problem was introduced.

Also clean up an un-needed init of a local variable in the function being modified.

PANIC from 6.8.0-rc1:
[1026674.915596] PM: suspend exit
[1026675.664697] ice 0000:17:00.1: PTP reset successful
[1026675.664707] ice 0000:17:00.1: 2755 msecs passed between update to cached PHC time
[1026675.667660] ice 0000:b1:00.0: PTP reset successful
[1026675.675944] ice 0000:b1:00.0: 2832 msecs passed between update to cached PHC time
[1026677.137733] ixgbe 0000:31:00.0 ens787: NIC Link is Up 1 Gbps, Flow Control: None
[1026677.190201] BUG: kernel NULL pointer dereference, address: 0000000000000010
[1026677.192753] ice 0000:17:00.0: PTP reset successful
[1026677.192764] ice 0000:17:00.0: 4548 msecs passed between update to cached PHC time
[1026677.197928] #PF: supervisor read access in kernel mode
[1026677.197933] #PF: error_code(0x0000) - not-present page
[1026677.197937] PGD 1557a7067 P4D 0
[1026677.212133] ice 0000:b1:00.1: PTP reset successful
[1026677.212143] ice 0000:b1:00.1: 4344 msecs passed between update to cached PHC time
[1026677.212575]
[1026677.243142] Oops: 0000 [#1] PREEMPT SMP NOPTI
[1026677.247918] CPU: 23 PID: 42790 Comm: kworker/23:0 Kdump: loaded Tainted: G W 6.8.0-rc1+ #1
[1026677.257989] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022
[1026677.269367] Workqueue: ice ice_service_task [ice]
[1026677.274592] RIP: 0010:ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice]
[1026677.281421] Code: 0f 84 3a ff ff ff 41 0f b7 74 ec 02 66 89 b0 22 02 00 00 81 e6 ff 1f 00 00 e8 ec fd ff ff e9 35 ff ff ff 48 8b 43 30 49 63 ed <41> 0f b7 34 24 41 83 c5 01 48 8b 3c e8 66 89 b7 aa 02 00 00 81 e6
[1026677.300877] RSP: 0018:ff3be62a6399bcc0 EFLAGS: 00010202
[1026677.306556] RAX: ff28691e28980828 RBX: ff28691e41099828 RCX: 0000000000188000
[1026677.314148] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ff28691e41099828
[1026677.321730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[1026677.329311] R10: 0000000000000007 R11: ffffffffffffffc0 R12: 0000000000000010
[1026677.336896] R13: 0000000000000000 R14: 0000000000000000 R15: ff28691e0eaa81a0
[1026677.344472] FS: 0000000000000000(0000) GS:ff28693cbffc0000(0000) knlGS:0000000000000000
[1026677.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1026677.359195] CR2: 0000000000000010 CR3: 0000000128df4001 CR4: 0000000000771ef0
[1026677.366779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[1026677.374369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[1026677.381952] PKRU: 55555554
[1026677.385116] Call Trace:
[1026677.388023] <TASK>
[1026677.390589] ? __die+0x20/0x70
[1026677.394105] ? page_fault_oops+0x82/0x160
[1026677.398576] ? do_user_addr_fault+0x65/0x6a0
[1026677.403307] ? exc_page_fault+0x6a/0x150
[1026677.407694] ? asm_exc_page_fault+0x22/0x30
[1026677.412349] ? ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice]
[1026677.4186 ---truncated---
AI Analysis
Technical Summary
CVE-2024-35911 is a vulnerability in the Linux kernel's 'ice' network driver, which manages Intel Ethernet devices. The flaw arises from improper handling of the num_q_vectors variable during suspend and resume operations. Specifically, after a certain commit (b3e7b3a6ee92), the driver zeroes out num_q_vectors during suspend and only restores it later in the ice_vsi_cfg_def() function. However, the ice driver calls ice_vsi_free_q_vectors() alone during suspend, which leads to ice_rebuild() allocating a zero-length buffer. Subsequently, num_q_vectors is updated and used to index into this zero-length buffer, causing memory corruption. This memory corruption manifests as a kernel panic and NULL pointer dereference during system resume, as evidenced by the provided kernel panic logs. The issue was introduced sometime after kernel version 6.1.77 and is reproducible in 6.8.0-rc1. The fix involves ensuring that all references to num_q_vectors occur only after it has been properly reset by ice_vsi_cfg_def(), preventing the allocation of zero-length buffers and subsequent memory corruption. This vulnerability affects Linux kernel versions containing the specified commits and impacts systems using the ice driver for Intel Ethernet controllers. While no known exploits are reported in the wild, the vulnerability can cause system crashes during suspend/resume cycles, potentially leading to denial of service or instability in networked environments.
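The ordering problem described above, reduced to a user-space C model. This is an added example, not code from the ice driver or from the kernel patch; vsi_model, model_suspend, model_cfg_def, model_rebuild and overrun_after_resume are hypothetical names. It sizes a buffer from num_q_vectors either before or after the count is restored, and reports how many indexes would fall outside the buffer.

```c
/* User-space model of the ordering bug; all names are hypothetical, not ice driver code. */
#include <stdio.h>
#include <stdlib.h>

struct vsi_model { unsigned int num_q_vectors; };

/* Suspend path: vectors are freed and the count is left at zero. */
static void model_suspend(struct vsi_model *v) { v->num_q_vectors = 0; }
/* Stand-in for the configuration step that restores the count. */
static void model_cfg_def(struct vsi_model *v, unsigned int n) { v->num_q_vectors = n; }

/* Returns how many indexes the restore loop uses past the buffer end (-1 = allocation failure). */
static int model_rebuild(struct vsi_model *v, unsigned int hw_vectors, int cfg_first)
{
    unsigned int cap, i;
    int overrun = 0;
    unsigned short *itr;                /* per-vector settings to restore */

    if (cfg_first)
        model_cfg_def(v, hw_vectors);   /* fixed order: restore count, then size buffer */
    cap = v->num_q_vectors;
    /* Zero-length buffer modelled as NULL; in the kernel a zero-size
     * kmalloc-family call returns ZERO_SIZE_PTR (address 0x10) instead. */
    itr = cap ? calloc(cap, sizeof(*itr)) : NULL;
    if (cap && !itr)
        return -1;
    if (!cfg_first)
        model_cfg_def(v, hw_vectors);   /* buggy order: count changes after sizing */
    for (i = 0; i < v->num_q_vectors; i++) {
        if (i >= cap) { overrun++; continue; }  /* model-only guard: count, do not touch */
        itr[i] = 0;
    }
    free(itr);
    return overrun;
}

/* Suspend, then rebuild in the chosen order. */
int overrun_after_resume(unsigned int hw_vectors, int cfg_first)
{
    struct vsi_model v = { hw_vectors };
    model_suspend(&v);
    return model_rebuild(&v, hw_vectors, cfg_first);
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", overrun_after_resume(8, 0), overrun_after_resume(8, 1));
    return 0;
}
```

With eight vectors the buggy order reports eight out-of-range indexes and the fixed order reports none. The ZERO_SIZE_PTR value of 0x10 is consistent with the fault address 0000000000000010 in the panic log above.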
Potential Impact
For European organizations, this vulnerability poses a risk primarily to servers and workstations running affected Linux kernel versions with Intel Ethernet devices managed by the ice driver. The impact includes unexpected kernel panics during suspend/resume operations, leading to system downtime and potential data loss if systems are abruptly halted. This can disrupt critical services, especially in data centers, cloud infrastructure, and enterprise environments relying on Linux-based networking hardware. The denial of service caused by kernel crashes could affect availability of network services, impacting business continuity. Additionally, memory corruption vulnerabilities can sometimes be leveraged for privilege escalation or arbitrary code execution, although no such exploits are currently known for this issue. Organizations with high availability requirements or those using Linux in virtualized or containerized environments may experience cascading effects due to host instability. The vulnerability also complicates maintenance operations involving suspend/resume cycles, such as power management or hardware reconfiguration, potentially increasing operational costs and risks.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-35911 as soon as they become available, ensuring the ice driver properly handles num_q_vectors during suspend/resume.
2. For environments where immediate patching is not feasible, consider disabling suspend/resume functionality on affected systems to avoid triggering the vulnerability.
3. Monitor kernel and driver updates from trusted Linux distributions and vendors, prioritizing updates that include fixes for the ice driver.
4. Conduct thorough testing of suspend/resume operations in staging environments before deploying updates to production to prevent unexpected downtime.
5. Implement robust system monitoring and alerting to detect kernel panics or network interface failures promptly.
6. Maintain up-to-date backups and disaster recovery plans to mitigate the impact of potential system crashes.
7. Limit access to systems running vulnerable kernels to trusted personnel and networks to reduce risk of exploitation attempts.
8. Engage with hardware vendors to confirm compatibility and support for updated drivers and kernel versions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.121Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbddcac
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:26:30 AM
Last updated: 7/21/2025, 10:43:21 PM