CVE-2024-35974: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().
AI Analysis
Technical Summary
CVE-2024-35974 is a vulnerability identified in the Linux kernel's block layer, specifically related to the management of the request queue's block group list (q->blkg_list) during disk rebind operations. The issue arises when multiple gendisk instances are allocated or added for a single request queue during disk rebind. In this scenario, the block group (blkg) may remain in the q->blkg_list when blkcg_init_disk() is called for the rebind, leading to corruption of the q->blkg_list. This corruption stems from a race condition introduced by commit f1c006f1c685, which delayed the removal of blkg from q->blkg_list until the blkg_free_workfn() execution, causing synchronization issues. The fix involves initializing q->blkg_list and q->blkcg_mutex properly via a new function blkg_init_queue(), which is called during blk_alloc_queue(), ensuring the list is correctly initialized and preventing corruption. This vulnerability affects the Linux kernel's block cgroup subsystem, which is responsible for managing I/O resource control and accounting. Although no known exploits are currently reported in the wild, the vulnerability could potentially lead to kernel instability or denial of service due to corrupted internal kernel data structures managing disk I/O queues.
Potential Impact
For European organizations, the impact of CVE-2024-35974 could be significant, particularly for those relying on Linux-based servers and infrastructure that handle critical disk I/O operations. The corruption of the q->blkg_list can cause kernel panics or system crashes, leading to denial of service conditions. This can disrupt business operations, especially in data centers, cloud service providers, and enterprises with high I/O workloads such as financial institutions, telecommunications, and manufacturing. The integrity of disk I/O scheduling and resource control could be compromised, potentially affecting performance and reliability. Although there is no indication of direct privilege escalation or data leakage, the instability caused could be exploited as part of a larger attack chain or cause operational outages. Organizations running Linux kernels with the affected versions should consider the risk of unexpected downtime and the operational impact of kernel crashes on their services.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to the patched versions where the fix has been applied. Since the issue is related to kernel internals, applying vendor-provided kernel updates or patches is the most effective measure. Organizations should: 1) Identify all Linux systems running affected kernel versions, especially those handling critical disk I/O workloads. 2) Apply the latest kernel updates from trusted Linux distributions that include the fix for CVE-2024-35974. 3) For environments where immediate patching is not feasible, consider isolating affected systems or limiting disk rebind operations that trigger the vulnerability. 4) Monitor system logs and kernel messages for signs of q->blkg_list corruption or related kernel errors. 5) Implement robust backup and recovery procedures to minimize impact in case of system crashes. 6) Engage with Linux distribution vendors for guidance and timely updates. Since no known exploits exist, proactive patching and monitoring are key to preventing exploitation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-35974: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn().
AI-Powered Analysis
Technical Analysis
CVE-2024-35974 is a vulnerability identified in the Linux kernel's block layer, specifically related to the management of the request queue's block group list (q->blkg_list) during disk rebind operations. The issue arises when multiple gendisk instances are allocated or added for a single request queue during disk rebind. In this scenario, the block group (blkg) may remain in the q->blkg_list when blkcg_init_disk() is called for the rebind, leading to corruption of the q->blkg_list. This corruption stems from a race condition introduced by commit f1c006f1c685, which delayed the removal of blkg from q->blkg_list until the blkg_free_workfn() execution, causing synchronization issues. The fix involves initializing q->blkg_list and q->blkcg_mutex properly via a new function blkg_init_queue(), which is called during blk_alloc_queue(), ensuring the list is correctly initialized and preventing corruption. This vulnerability affects the Linux kernel's block cgroup subsystem, which is responsible for managing I/O resource control and accounting. Although no known exploits are currently reported in the wild, the vulnerability could potentially lead to kernel instability or denial of service due to corrupted internal kernel data structures managing disk I/O queues.
Potential Impact
For European organizations, the impact of CVE-2024-35974 could be significant, particularly for those relying on Linux-based servers and infrastructure that handle critical disk I/O operations. The corruption of the q->blkg_list can cause kernel panics or system crashes, leading to denial of service conditions. This can disrupt business operations, especially in data centers, cloud service providers, and enterprises with high I/O workloads such as financial institutions, telecommunications, and manufacturing. The integrity of disk I/O scheduling and resource control could be compromised, potentially affecting performance and reliability. Although there is no indication of direct privilege escalation or data leakage, the instability caused could be exploited as part of a larger attack chain or cause operational outages. Organizations running Linux kernels with the affected versions should consider the risk of unexpected downtime and the operational impact of kernel crashes on their services.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to the patched versions where the fix has been applied. Since the issue is related to kernel internals, applying vendor-provided kernel updates or patches is the most effective measure. Organizations should: 1) Identify all Linux systems running affected kernel versions, especially those handling critical disk I/O workloads. 2) Apply the latest kernel updates from trusted Linux distributions that include the fix for CVE-2024-35974. 3) For environments where immediate patching is not feasible, consider isolating affected systems or limiting disk rebind operations that trigger the vulnerability. 4) Monitor system logs and kernel messages for signs of q->blkg_list corruption or related kernel errors. 5) Implement robust backup and recovery procedures to minimize impact in case of system crashes. 6) Engage with Linux distribution vendors for guidance and timely updates. Since no known exploits exist, proactive patching and monitoring are key to preventing exploitation.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.143Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe232c
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:41:56 AM
Last updated: 7/31/2025, 3:16:36 PM
Views: 11
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.