CVE-2024-35958: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Fix incorrect descriptor free behavior
ENA has two types of TX queues:
- queues which only process TX packets arriving from the network stack
- queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions
The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions).
The function assumes that the processed TX queue is necessarily from the first category listed above and ends up using napi_consume_skb() for descriptors belonging to an XDP specific queue.
This patch solves a bug in which, in case of a VF reset, the descriptors aren't freed correctly, leading to crashes.
AI Analysis
Technical Summary
CVE-2024-35958 is a medium-severity vulnerability identified in the Linux kernel's ENA (Elastic Network Adapter) driver, which is commonly used for network interface cards, especially in cloud and virtualized environments. The vulnerability arises from incorrect descriptor free behavior in the function ena_free_tx_bufs().
ENA manages two types of transmit (TX) queues: one that processes TX packets from the network stack and another that handles TX packets forwarded by XDP_REDIRECT or XDP_TX instructions, which are mechanisms for high-performance packet processing. The vulnerable function assumes all TX queues belong to the first type and uses napi_consume_skb() to free descriptors. However, this assumption is invalid for XDP-specific queues. Consequently, when a Virtual Function (VF) reset occurs, descriptors in XDP queues are not freed correctly, leading to resource leaks and potential kernel crashes. This bug can cause denial of service (DoS) conditions by crashing the kernel or destabilizing network functionality.
The vulnerability requires local privileges (PR:L) and does not need user interaction (UI:N). It affects Linux kernel versions identified by the commit hash 548c4940b9f1f527f81509468dd60b61418880b6 and was published on May 20, 2024. The CVSS v3.1 base score is 5.5, reflecting a medium severity with an attack vector of local access, low attack complexity, and impact limited to availability (no confidentiality or integrity impact). No known exploits are currently reported in the wild.
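The queue-type assumption described above can be seen in a small userspace model, added here as an illustration; it is not code from the kernel or the ENA driver. Every name in it (model_buf, tx_queue, free_tx_bufs, run_model) is hypothetical, and a mismatched release is only counted, where a real driver would hand the buffer to the wrong free routine.

```c
/* Userspace model of the free path; not kernel code, all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum buf_kind { KIND_SKB, KIND_XDP_FRAME };
struct model_buf { enum buf_kind kind; };   /* tag lets the model spot a wrong release */
struct tx_queue {
    bool is_xdp;                            /* true: fed only by XDP_TX / XDP_REDIRECT */
    struct model_buf *slots[4];             /* NULL = already acknowledged by the device */
};
struct free_stats { int ok; int mistyped; };

/* Stand-in for the two release routines: counts a release through the wrong one. */
static void release_as(enum buf_kind path, struct model_buf *b, struct free_stats *st)
{
    if (b->kind == path) st->ok++; else st->mistyped++;
}

/* Walk the ring and release every uncompleted descriptor.
 * honor_queue_type == false reproduces the assumption described above
 * (every queue is a network-stack queue); true picks the path per queue. */
static struct free_stats free_tx_bufs(struct tx_queue *q, bool honor_queue_type)
{
    struct free_stats st = {0, 0};
    enum buf_kind path = (honor_queue_type && q->is_xdp) ? KIND_XDP_FRAME : KIND_SKB;
    for (size_t i = 0; i < sizeof q->slots / sizeof q->slots[0]; i++) {
        if (!q->slots[i]) continue;         /* completed, nothing to free */
        release_as(path, q->slots[i], &st);
        q->slots[i] = NULL;
    }
    return st;
}

/* Constructed scenario: a reset hits a queue with three uncompleted descriptors. */
struct free_stats run_model(bool is_xdp, bool honor_queue_type)
{
    struct model_buf bufs[3];
    struct tx_queue q = { .is_xdp = is_xdp, .slots = { &bufs[0], NULL, &bufs[1], &bufs[2] } };
    for (int i = 0; i < 3; i++) bufs[i].kind = is_xdp ? KIND_XDP_FRAME : KIND_SKB;
    return free_tx_bufs(&q, honor_queue_type);
}

int main(void)
{
    struct free_stats before = run_model(true, false), after = run_model(true, true);
    printf("XDP queue, before: ok=%d mistyped=%d\n", before.ok, before.mistyped);
    printf("XDP queue, after:  ok=%d mistyped=%d\n", after.ok, after.mistyped);
    return 0;
}
```

Network-stack queues behave the same in both modes, which is why the defect only shows up on hosts that have XDP queues in use when the reset happens.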
Potential Impact
For European organizations, this vulnerability poses a risk primarily to environments running Linux kernels with the ENA driver, which is prevalent in cloud infrastructures and virtualized data centers. Organizations utilizing cloud services or private clouds with ENA-enabled network interfaces could experience kernel crashes or network outages if the vulnerability is triggered, potentially disrupting critical services and operations. The impact is mainly availability-related, which can affect business continuity, especially for service providers, financial institutions, and enterprises relying on high network uptime. Although exploitation requires local privileges, insider threats or compromised accounts could leverage this flaw to cause denial of service. The absence of confidentiality or integrity impact limits data breach risks, but operational disruptions could have cascading effects on compliance and service-level agreements (SLAs).
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch fixing CVE-2024-35958. Since the vulnerability is in the ENA driver, verifying the kernel version and ENA driver updates is critical. System administrators should audit their environments to identify systems using ENA, especially in virtualized or cloud contexts. Implement strict access controls and monitoring to limit local privilege escalation and detect unusual VF reset activities. Employ kernel live patching solutions where possible to minimize downtime during patch deployment. Additionally, review and harden XDP configurations to reduce exposure. Network segmentation and isolation of critical systems can limit the impact of potential crashes. Finally, maintain robust backup and recovery procedures to restore services quickly if a denial of service occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.136Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2299
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:39:39 AM
Last updated: 8/16/2025, 1:51:21 PM