CVE-2024-35961: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Register devlink first under devlink lock

In case device is having a non fatal FW error during probe, the driver will report the error to user via devlink. This will trigger a WARN_ON, since mlx5 is calling devlink_register() last. In order to avoid the WARN_ON[1], change mlx5 to invoke devl_register() first under devlink lock.

[1]
WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0
CPU: 5 PID: 227 Comm: kworker/u16:3 Not tainted 6.4.0-rc5_for_upstream_min_debug_2023_06_12_12_38 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_health0000:08:00.0 mlx5_fw_reporter_err_work [mlx5_core]
RIP: 0010:devlink_recover_notify.constprop.0+0xb8/0xc0
Call Trace:
 <TASK>
 ? __warn+0x79/0x120
 ? devlink_recover_notify.constprop.0+0xb8/0xc0
 ? report_bug+0x17c/0x190
 ? handle_bug+0x3c/0x60
 ? exc_invalid_op+0x14/0x70
 ? asm_exc_invalid_op+0x16/0x20
 ? devlink_recover_notify.constprop.0+0xb8/0xc0
 devlink_health_report+0x4a/0x1c0
 mlx5_fw_reporter_err_work+0xa4/0xd0 [mlx5_core]
 process_one_work+0x1bb/0x3c0
 ? process_one_work+0x3c0/0x3c0
 worker_thread+0x4d/0x3c0
 ? process_one_work+0x3c0/0x3c0
 kthread+0xc6/0xf0
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork+0x1f/0x30
 </TASK>
AI Analysis
Technical Summary
CVE-2024-35961 is a vulnerability in the Linux kernel's mlx5 driver, which is used for Mellanox network devices. The issue arises from the order in which the devlink interface is registered during device initialization. When a device encounters a non-fatal firmware error during the probe phase, the mlx5 driver reports the error to the user via the devlink interface. In the unpatched driver, however, devlink_register() is called last, so the report arrives before registration and triggers a WARN_ON in devlink_recover_notify.

This warning indicates a race condition or improper synchronization that could potentially cause kernel instability or unexpected behavior. The root cause is that the devlink registration is not performed under the devlink lock, leading to a race condition when the firmware error is reported. The fix changes the mlx5 driver to invoke devl_register() first while holding the devlink lock, ensuring proper synchronization and preventing the WARN_ON from occurring.

The vulnerability does not appear to be directly exploitable for remote code execution or privilege escalation, but it can cause kernel warnings and potentially impact system stability or availability under certain error conditions. It affects Linux kernel versions containing the specified commit hashes and is relevant to systems using the mlx5 driver for Mellanox network hardware. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-35961 primarily concerns system stability and reliability rather than direct compromise of confidentiality or integrity. Organizations relying on Linux servers with Mellanox network cards, especially in data centers, cloud infrastructure, or high-performance computing environments, may experience kernel warnings or crashes triggered by firmware errors during device initialization. This could lead to service interruptions or degraded network performance. While the vulnerability does not currently enable remote exploitation or privilege escalation, the potential for kernel instability can affect availability of critical network services. In sectors such as finance, telecommunications, and government where uptime and network reliability are crucial, this vulnerability could have operational impacts if unpatched systems encounter firmware issues. Additionally, organizations with strict compliance requirements for system stability and security may need to address this vulnerability promptly to maintain their security posture.
Mitigation Recommendations
To mitigate CVE-2024-35961, European organizations should:

1) Apply the latest Linux kernel updates that include the patch fixing the devlink registration order in the mlx5 driver. This is the definitive fix to prevent the WARN_ON condition and ensure proper synchronization.
2) Monitor kernel logs for WARN_ON messages related to devlink or mlx5 to detect if the issue is occurring on current systems.
3) Validate firmware versions on Mellanox network devices and update firmware where possible to reduce the likelihood of non-fatal firmware errors during device probe.
4) Implement robust kernel crash and warning monitoring to quickly identify and respond to any instability caused by this or related issues.
5) For critical systems, consider testing kernel updates in staging environments to ensure stability before deployment.
6) Engage with hardware vendors for any additional recommended mitigations or firmware updates.

These steps go beyond generic advice by focusing on the specific driver and synchronization issue, emphasizing firmware health, and proactive monitoring of kernel warnings.
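One way to implement the kernel log check from step 2, as an added example that is not part of the original advisory or the kernel project: the Python below splits kernel log text into WARNING blocks and flags those raised in net/devlink/health.c by devlink_recover_notify with mlx5_fw_reporter_err_work in the trace. The sample log is constructed from the trace quoted in the description, and the names split_warnings and find_devlink_mlx5_warnings are hypothetical.

```python
import re

# Constructed sample: modelled on the advisory's trace (timestamps added) plus a made-up warning.
SAMPLE_LOG = """\
[   12.345678] WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0
[   12.345700] Workqueue: mlx5_health0000:08:00.0 mlx5_fw_reporter_err_work [mlx5_core]
[   12.345720]  <TASK>
[   12.345730]  devlink_health_report+0x4a/0x1c0
[   12.345740]  mlx5_fw_reporter_err_work+0xa4/0xd0 [mlx5_core]
[   12.345750]  </TASK>
[   99.000001] WARNING: CPU: 1 PID: 40 at fs/example.c:10 example_fn+0x10/0x20
[   99.000003]  <TASK>
[   99.000004]  example_fn+0x10/0x20
[   99.000005]  </TASK>
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
WARN = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+?):(\d+) (\S+?)\+0x")  # file, line, function
PCI = re.compile(r"mlx5_health([0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7])")

def split_warnings(log_text):
    """Yield each WARNING splat as a list of lines with timestamps stripped."""
    block = None
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        if WARN.search(line):
            if block:
                yield block
            block = [line]
        elif block is not None:
            block.append(line)
            if "</TASK>" in line or "end trace" in line:
                yield block
                block = None
    if block:
        yield block

def find_devlink_mlx5_warnings(log_text):
    """Return splats matching this CVE's signature; line numbers vary by kernel."""
    hits = []
    for block in split_warnings(log_text):
        src, lineno, func = WARN.search(block[0]).groups()
        text = "\n".join(block)
        if (src == "net/devlink/health.c" and func.startswith("devlink_recover_notify")
                and "mlx5_fw_reporter_err_work" in text):
            pci = PCI.search(text)
            hits.append({"source": f"{src}:{lineno}", "function": func,
                         "device": pci.group(1) if pci else None})
    return hits
```

The same function can be run over the output of `dmesg` or `journalctl -k`; the device field gives the PCI address taken from the workqueue name, which identifies the adapter whose firmware should be checked under step 3.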
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.137Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe22c3
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:39:57 AM
Last updated: 8/7/2025, 6:43:57 PM