CVE-2024-35959: Vulnerability in Linux Linux

High
Published: Mon May 20 2024 (05/20/2024, 09:41:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockdep_is_held().

Acquire the state_lock in mlx5e_selq_cleanup().

Kernel log:

```
=============================
WARNING: suspicious RCU usage
6.8.0-rc3_net_next_841a9b5 #1 Not tainted
-----------------------------
drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by systemd-modules/293:
 #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]
 #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]
stack backtrace:
CPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8a/0xa0
 lockdep_rcu_suspicious+0x154/0x1a0
 mlx5e_selq_apply+0x94/0xa0 [mlx5_core]
 mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]
 mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]
 mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]
 rdma_init_netdev+0x4e/0x80 [ib_core]
 ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]
 ipoib_intf_init+0x64/0x550 [ib_ipoib]
 ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]
 ipoib_add_one+0xb0/0x360 [ib_ipoib]
 add_client_context+0x112/0x1c0 [ib_core]
 ib_register_client+0x166/0x1b0 [ib_core]
 ? 0xffffffffa0573000
 ipoib_init_module+0xeb/0x1a0 [ib_ipoib]
 do_one_initcall+0x61/0x250
 do_init_module+0x8a/0x270
 init_module_from_file+0x8b/0xd0
 idempotent_init_module+0x17d/0x230
 __x64_sys_finit_module+0x61/0xb0
 do_syscall_64+0x71/0x140
 entry_SYSCALL_64_after_hwframe+0x46/0x4e
 </TASK>
```

AI-Powered Analysis

Last updated: 06/29/2025, 08:39:48 UTC

Technical Analysis

CVE-2024-35959 is a vulnerability identified in the Linux kernel, specifically within the Mellanox mlx5 Ethernet driver component (mlx5e). The issue arises in the error handling and cleanup flow of the mlx5e_priv_init() function. When mlx5e_priv_init() fails during initialization, it triggers a cleanup routine mlx5e_selq_cleanup(), which in turn calls mlx5e_selq_apply(). This function expects that the priv->state_lock is held, verified by lockdep_is_held(), but the cleanup flow does not acquire this lock before calling mlx5e_selq_apply(). This results in improper locking discipline and suspicious Read-Copy-Update (RCU) usage, as indicated by kernel warnings and stack traces.

The vulnerability is related to concurrency and locking mechanisms in the driver, which could lead to race conditions, use-after-free, or other undefined kernel behaviors. The kernel log snippet shows warnings about suspicious RCU usage and lockdep violations, which are indicative of potential kernel memory corruption or deadlocks. The vulnerability affects Linux kernel versions including the 6.8.0-rc3_net_next_841a9b5a0 release candidate and possibly others using the affected mlx5e driver code.

Although no known exploits are reported in the wild, the flaw could be triggered by malicious or malformed RDMA (Remote Direct Memory Access) device initialization requests, potentially leading to kernel crashes (denial of service) or privilege escalation if exploited. The vulnerability is technical and low-level, impacting the Mellanox network driver used in high-performance computing and data center environments. It is a concurrency bug that requires kernel-level access to trigger, and likely requires local privileges or specific conditions to exploit. The fix involves ensuring that the state_lock is properly acquired in the cleanup path to maintain locking correctness and prevent race conditions.

Potential Impact

For European organizations, the impact of CVE-2024-35959 depends largely on the deployment of Linux systems using Mellanox mlx5 network drivers, which are common in data centers, cloud infrastructure, and HPC clusters. A successful exploitation could lead to kernel crashes causing denial of service, which can disrupt critical services and applications. In worst cases, if combined with other vulnerabilities, it could enable privilege escalation or arbitrary code execution at the kernel level, severely compromising system confidentiality, integrity, and availability. Organizations relying on Linux servers for critical infrastructure, cloud services, or research computing could face operational disruptions, data loss, or security breaches. The vulnerability is particularly relevant to sectors with high-performance networking needs such as telecommunications, financial services, research institutions, and cloud providers prevalent in Europe. Given the technical nature and lack of known exploits, the immediate risk is moderate, but the potential for impactful disruption in sensitive environments is significant. The vulnerability also poses a risk to supply chain security where Linux-based network appliances or virtualized environments are used.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, once official patches are released by the Linux kernel maintainers. Until patches are available, organizations should audit their use of Mellanox mlx5 drivers and consider disabling or limiting RDMA device initialization features if feasible. Kernel lockdown mechanisms and strict access controls should be enforced to restrict unprivileged users from loading or initializing kernel modules or devices. Monitoring kernel logs for suspicious RCU warnings or lockdep errors can help detect attempts to trigger this vulnerability. For environments using containerization or virtualization, ensure that host kernel versions are updated and that guest systems do not have unnecessary direct access to RDMA devices. Network segmentation and strict network access controls can reduce exposure to malicious actors attempting to exploit this vulnerability remotely. Finally, organizations should engage with their Linux distribution vendors and Mellanox hardware providers to receive timely updates and guidance.
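The log-monitoring step above can be made specific to this issue. The following is an added example, not code from the advisory or the kernel project: it parses "suspicious RCU usage" reports out of dmesg-style text and flags the ones whose call trace shows mlx5e_selq_apply() reached from mlx5e_selq_cleanup(). The function names, the timestamp format and the `state_lock` lock-class match are assumptions.

```python
import re

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                     # dmesg timestamp prefix
SITE = re.compile(r"^(\S+):(\d+) suspicious (\w+)\(\) usage!")
LOCK = re.compile(r"^#\d+: [0-9a-f]+ \((.+?)\)\{")           # one held-lock entry
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")    # skips unreliable "? sym" frames

# Constructed sample: the advisory's splat, trimmed, with made-up timestamps.
SAMPLE = """\
[   12.0] WARNING: suspicious RCU usage
[   12.0] drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!
[   12.0]  #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]
[   12.0]  #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]
[   12.0]  <TASK>
[   12.0]  lockdep_rcu_suspicious+0x154/0x1a0
[   12.0]  mlx5e_selq_apply+0x94/0xa0 [mlx5_core]
[   12.0]  mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]
[   12.0]  mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]
[   12.0]  ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]
[   12.0]  </TASK>
"""

def parse_rcu_splats(log_text):
    """Return one dict (site, held locks, call-trace frames) per RCU lockdep report."""
    splats, cur = [], None
    for raw in log_text.splitlines():
        line = TS.sub("", raw).strip()
        if line == "WARNING: suspicious RCU usage":
            splats.append(cur := {"site": None, "locks": [], "frames": []})
        elif cur is None:
            continue                       # not inside a report
        elif m := SITE.match(line):
            cur["site"] = f"{m[1]}:{m[2]}"
        elif m := LOCK.match(line):
            cur["locks"].append(m[1])
        elif m := FRAME.match(line):
            cur["frames"].append(m[1])
        elif line == "</TASK>":
            cur = None                     # end of this report's call trace
    return splats

def matches_cve_2024_35959(splat):
    """mlx5e_selq_apply() called directly from mlx5e_selq_cleanup(), state_lock not held.
    Assumption: the lock's lockdep class name contains 'state_lock'."""
    f = splat["frames"]
    chained = ("mlx5e_selq_apply", "mlx5e_selq_cleanup") in zip(f, f[1:])
    return chained and not any("state_lock" in name for name in splat["locks"])
if __name__ == "__main__":
    print([s["site"] for s in parse_rcu_splats(SAMPLE) if matches_cve_2024_35959(s)])
```

These reports only appear on kernels built with lockdep and RCU debugging enabled, so an empty result on a production kernel says nothing about whether the driver is patched.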

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.137Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe22a1

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 8:39:48 AM

Last updated: 7/31/2025, 10:08:07 AM
