CVE-2024-35940: Vulnerability in Linux

Medium
Published: Sun May 19 2024 (05/19/2024, 10:10:45 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

pstore/zone: Add a null pointer check to the psz_kmsg_read

kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

AI-Powered Analysis

Last updated: 06/29/2025, 08:25:31 UTC

Technical Analysis

CVE-2024-35940 is a medium-severity vulnerability identified in the Linux kernel, specifically within the pstore subsystem's zone handling code. The issue arises from the function psz_kmsg_read, which uses kasprintf() to allocate memory dynamically. kasprintf() can return a NULL pointer if the memory allocation fails, but the vulnerable code did not check for this NULL pointer before dereferencing it. This lack of validation leads to a potential null pointer dereference (CWE-476), which can cause a kernel panic or system crash, resulting in a denial of service (DoS) condition. The vulnerability does not impact confidentiality or integrity but affects availability due to the possibility of crashing the kernel. Exploitation requires local access with low privileges (PR:L), no user interaction is needed (UI:N), and the attack vector is local (AV:L). The vulnerability scope is unchanged (S:U), meaning it affects only the vulnerable component without impacting other system components. The CVSS v3.1 base score is 5.5, reflecting a medium severity level. No known exploits are currently reported in the wild. The fix involves adding a null pointer check after kasprintf() to ensure the pointer is valid before use, preventing the null dereference and subsequent crash.
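
The unchecked and checked patterns described above, modelled in userspace C as an added example; this is not the kernel's code or the actual patch. The names model_kasprintf, fail_next_alloc and header_len_*, and the format string, are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault-injection switch: when nonzero, the next allocation fails. */
int fail_next_alloc;

/* Userspace model of kasprintf(): formatted string in fresh memory, NULL on failure. */
char *model_kasprintf(const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf;
    int len;

    va_start(ap, fmt);
    va_copy(ap2, ap);
    len = vsnprintf(NULL, 0, fmt, ap);          /* measure the formatted length */
    va_end(ap);
    buf = (len < 0 || fail_next_alloc) ? NULL : malloc((size_t)len + 1);
    fail_next_alloc = 0;
    if (buf)
        vsnprintf(buf, (size_t)len + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

/* Before: the result is used unchecked, so a failed allocation reaches strlen(NULL). */
long header_len_unchecked(const char *name, int seq)
{
    char *hdr = model_kasprintf("%s: record %d\n", name, seq); /* constructed format */
    long n = (long)strlen(hdr);                 /* NULL dereference (CWE-476) */
    free(hdr);
    return n;
}

/* After: validate the pointer and return -ENOMEM to the caller on failure. */
long header_len_checked(const char *name, int seq)
{
    char *hdr = model_kasprintf("%s: record %d\n", name, seq); /* constructed format */
    long n;

    if (!hdr)
        return -ENOMEM;
    n = (long)strlen(hdr);
    free(hdr);
    return n;
}
```

In userspace the unchecked variant ends in a segmentation fault of one process when the allocation fails; in kernel context the same dereference is what produces the crash the analysis describes.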

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems running affected kernel versions. Since Linux is widely deployed across servers, cloud infrastructure, and embedded devices in Europe, an attacker with local access could trigger system crashes, disrupting critical services and operations. This could impact sectors relying heavily on Linux servers, such as finance, telecommunications, government, and manufacturing. Although the vulnerability does not allow privilege escalation or data compromise, the availability impact could lead to operational downtime, loss of productivity, and potential financial losses. Systems exposed to untrusted users or multi-tenant environments are at higher risk. However, the requirement for local access limits remote exploitation, reducing the risk from external attackers but emphasizing the need for internal security controls.

Mitigation Recommendations

European organizations should promptly apply the available Linux kernel patches that address CVE-2024-35940 by adding the necessary null pointer checks in the pstore/zone code. System administrators must verify that all Linux systems, especially those running kernel versions containing the vulnerable commit (noted by the specific git commit hash), are updated to patched versions. In environments where immediate patching is not feasible, organizations should restrict local access to trusted users only and implement strict access controls and monitoring to detect suspicious activities. Employing kernel crash monitoring and automated recovery mechanisms can help mitigate availability impacts. Additionally, conducting regular audits of kernel versions and maintaining an up-to-date inventory of Linux systems will facilitate timely vulnerability management. Security teams should also educate users about the risks of executing untrusted code locally to prevent accidental exploitation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.131Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe221b

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 8:25:31 AM

Last updated: 7/30/2025, 11:11:03 PM
