CVE-2024-35971: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: ks8851: Handle softirqs at the end of IRQ thread to fix hang

The ks8851_irq() thread may call ks8851_rx_pkts() in case there are any packets in the MAC FIFO, which calls netif_rx(). This netif_rx() implementation is guarded by local_bh_disable() and local_bh_enable(). The local_bh_enable() may call do_softirq() to run softirqs in case any are pending. One of the softirqs is net_rx_action, which ultimately reaches the driver .start_xmit callback. If that happens, the system hangs. The entire call chain is below:

ks8851_start_xmit_par from netdev_start_xmit
netdev_start_xmit from dev_hard_start_xmit
dev_hard_start_xmit from sch_direct_xmit
sch_direct_xmit from __dev_queue_xmit
__dev_queue_xmit from __neigh_update
__neigh_update from neigh_update
neigh_update from arp_process.constprop.0
arp_process.constprop.0 from __netif_receive_skb_one_core
__netif_receive_skb_one_core from process_backlog
process_backlog from __napi_poll.constprop.0
__napi_poll.constprop.0 from net_rx_action
net_rx_action from __do_softirq
__do_softirq from call_with_stack
call_with_stack from do_softirq
do_softirq from __local_bh_enable_ip
__local_bh_enable_ip from netif_rx
netif_rx from ks8851_irq
ks8851_irq from irq_thread_fn
irq_thread_fn from irq_thread
irq_thread from kthread
kthread from ret_from_fork

The hang happens because ks8851_irq() first locks a spinlock in ks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...) and with that spinlock locked, calls netif_rx(). Once the execution reaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again which attempts to claim the already locked spinlock again, and the hang happens.

Move the do_softirq() call outside of the spinlock protected section of ks8851_irq() by disabling BHs around the entire spinlock protected section of ks8851_irq() handler.

Place local_bh_enable() outside of the spinlock protected section, so that it can trigger do_softirq() without the ks8851_par.c ks8851_lock_par() spinlock being held, and safely call ks8851_start_xmit_par() without attempting to lock the already locked spinlock.

Since ks8851_irq() is protected by local_bh_disable()/local_bh_enable() now, replace netif_rx() with __netif_rx() which is not duplicating the local_bh_disable()/local_bh_enable() calls.
AI Analysis
Technical Summary
CVE-2024-35971 is a vulnerability in the Linux kernel's network driver for the KS8851 Ethernet controller. The issue arises from improper handling of softirqs (software interrupts) within the IRQ (interrupt request) thread for the ks8851 driver. Specifically, the ks8851_irq() function locks a spinlock to protect shared data and then calls netif_rx(), which internally disables and enables bottom halves (BHs) using local_bh_disable() and local_bh_enable(). The local_bh_enable() call can trigger the execution of pending softirqs, including net_rx_action, which eventually calls the driver's start_xmit callback (ks8851_start_xmit_par). This callback attempts to acquire the same spinlock already held by ks8851_irq(), causing a deadlock and resulting in a system hang. The root cause is that the softirq processing is triggered while the spinlock is still held, leading to recursive locking attempts. The fix involves moving the do_softirq() call outside the spinlock-protected section by surrounding the entire spinlock section with local_bh_disable()/local_bh_enable() calls. This change ensures that softirq processing happens only after the spinlock is released, preventing the deadlock. Additionally, netif_rx() is replaced with __netif_rx() to avoid redundant BH disabling/enabling since the BHs are already disabled during the spinlock section. This vulnerability affects Linux kernel versions containing the ks8851 driver implementation as described, and it can cause system hangs due to deadlocks in network packet processing. While no known exploits are reported in the wild, the issue can severely impact system availability, especially on systems using the KS8851 Ethernet controller.
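The lock ordering described above, as an added userspace model (not kernel or driver code, and not part of the original advisory). All function names and the flag-based lock are simplified stand-ins chosen for this example; it contrasts the pre-fix ordering with the post-fix ordering and shows that a nested netif_rx()-style BH pair would also be safe once BHs are disabled around the locked section.

```c
/* Userspace model of the ks8851 locking order; not kernel code. Names follow
 * the advisory, bodies are simplified stand-ins (assumptions). */
#include <stdio.h>
static int lock_held;       /* models ksp->lock, a non-recursive spinlock */
static int bh_count;        /* models the BH-disable nesting depth */
static int softirq_pending; /* models a raised NET_RX softirq */
static int deadlocks;       /* acquire attempts on the already held lock */
static int xmits;           /* completed passes through start_xmit */

/* A real spinlock would spin forever on the second acquire; the model counts it */
static int ks_lock(void) { if (lock_held) { deadlocks++; return 0; } lock_held = 1; return 1; }
static void ks_unlock(void) { lock_held = 0; }
static void start_xmit(void) { if (ks_lock()) { xmits++; ks_unlock(); } } /* same lock as IRQ */
/* Collapses net_rx_action -> ... -> start_xmit from the call chain */
static void run_softirq(void) { if (softirq_pending) { softirq_pending = 0; start_xmit(); } }
static void bh_disable(void) { bh_count++; }
static void bh_enable(void) { if (--bh_count == 0) run_softirq(); }
static void rx_nobh(void) { softirq_pending = 1; }                /* like __netif_rx() */
static void rx_bh(void) { bh_disable(); rx_nobh(); bh_enable(); } /* like netif_rx() */
static void reset(void) { lock_held = bh_count = softirq_pending = deadlocks = xmits = 0; }
static int outcome(void) { return deadlocks ? -1 : xmits; } /* -1: real driver would hang */

/* Pre-fix ks8851_irq(): netif_rx() is called with the lock held */
int irq_before_fix(void)
{
    reset();
    ks_lock();
    rx_bh();      /* bh_enable() reaches depth 0: softirq runs under the lock */
    ks_unlock();
    return outcome();
}

/* Post-fix ks8851_irq(): BHs stay disabled across the whole locked section */
int irq_after_fix(int keep_netif_rx)
{
    reset();
    bh_disable();
    ks_lock();
    if (keep_netif_rx) rx_bh(); else rx_nobh(); /* nested pair never reaches 0 */
    ks_unlock();
    bh_enable();  /* softirq runs here, after the lock is released */
    return outcome();
}

int main(void)
{
    printf("before=%d after=%d nested=%d\n", irq_before_fix(), irq_after_fix(0), irq_after_fix(1));
    return 0;
}
```

A result of -1 marks the ordering under which the real driver would hang; 1 means the deferred transmit completed after the lock was released.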
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the KS8851 network driver enabled and in use. The impact is a potential system hang or denial of service (DoS) condition caused by deadlocks in network packet processing. This can disrupt critical network communications, affecting servers, network appliances, or embedded devices relying on the KS8851 Ethernet controller. Organizations with infrastructure using this hardware or custom Linux builds including this driver could experience outages, degraded service availability, and operational disruptions. Given the Linux kernel's widespread use in European enterprises, cloud providers, and embedded systems, the vulnerability could affect a broad range of sectors including telecommunications, manufacturing, and public services. However, the impact is limited to systems using the specific KS8851 network hardware or driver, which is less common than other mainstream network drivers. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental hangs or targeted DoS attempts. In summary, the vulnerability threatens system availability and operational continuity, which are critical for European organizations relying on stable Linux-based networked systems.
Mitigation Recommendations
1. Apply the official Linux kernel patch that moves the softirq processing outside the spinlock-protected section in the ks8851_irq() handler. This patch is the definitive fix and should be prioritized.
2. For organizations using custom or embedded Linux distributions, ensure kernel versions are updated to include this fix or backport the patch if necessary.
3. Identify and inventory all systems using the KS8851 Ethernet controller or the affected Linux kernel versions to prioritize remediation.
4. Implement monitoring for system hangs or network-related deadlocks that could indicate this issue, enabling rapid detection and response.
5. Where immediate patching is not feasible, consider isolating affected systems from critical network segments to minimize impact.
6. Engage with hardware vendors or Linux distribution maintainers to confirm the presence of the fix in upcoming releases and coordinate updates.
7. Conduct thorough regression testing after patch application to ensure no adverse effects on network performance or stability.
These steps go beyond generic advice by focusing on hardware-specific identification, patch management, monitoring, and vendor coordination tailored to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.141Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2324
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:41:37 AM
Last updated: 8/5/2025, 6:16:30 PM