CVE-2024-35986: Vulnerability in Linux Linux

Medium
Published: Mon May 20 2024 (05/20/2024, 09:47:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered

The power_supply framework is not really designed for there to be long living in kernel references to power_supply devices.

Specifically unregistering a power_supply while some other code has a reference to it triggers a WARN in power_supply_unregister():

    WARN_ON(atomic_dec_return(&psy->use_cnt));

Followed by the power_supply still getting removed and the backing data freed anyway, leaving the tusb1210 charger-detect code with a dangling reference, resulting in a crash the next time tusb1210_get_online() is called.

Fix this by only holding the reference in tusb1210_get_online() freeing it at the end of the function. Note this still leaves a theoretical race window, but it avoids the issue when manually rmmod-ing the charger chip driver during development.

AI-Powered Analysis

Last updated: 06/29/2025, 08:56:34 UTC

Technical Analysis

CVE-2024-35986 is a medium-severity vulnerability in the Linux kernel related to the power_supply framework, specifically affecting the ti tusb1210 charger detection driver. The issue arises because the power_supply framework is not designed for long-lived kernel references to power_supply devices. When a power_supply device is unregistered while other kernel code still holds a reference to it, a WARN is triggered in power_supply_unregister(). Despite this warning, the power_supply device is removed and its backing data freed, leaving any remaining references dangling. In the case of the tusb1210 charger-detect code, this results in a use-after-free: the next call to tusb1210_get_online() may access freed memory, causing a kernel crash.

The fix modifies tusb1210_get_online() so that it holds a reference only during its own execution and releases it before returning, which avoids the dangling reference. The fix does not completely eliminate a theoretical race condition, but it prevents crashes during typical operations such as manual removal of the charger chip driver during development.

The vulnerability has a CVSS 3.1 score of 5.5, reflecting its medium severity. The attack vector is local (AV:L), meaning an attacker must have local access to exploit this issue. It requires low privileges (PR:L) and no user interaction (UI:N). It impacts availability (A:H) but does not affect confidentiality or integrity. There are no known exploits in the wild at this time.
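The lifetime problem described above, as an added userspace example (not the kernel's code and not part of the original advisory): the struct, the model_* helpers and the return codes are hypothetical stand-ins for the power_supply registry, and a "freed" flag replaces an actual free() so the stale access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
struct psy_model {            /* userspace model, not kernel code */
    const char *name;
    int use_cnt, online;      /* use_cnt: 1 while registered, +1 per outstanding reference */
    bool registered, freed;   /* freed replaces free() so stale access is observable */
};
static struct psy_model slot, *cached;  /* cached: the old long-lived reference */
static int warn_count;                  /* times the modelled WARN_ON fired */
static void model_register(const char *name) {
    slot = (struct psy_model){ .name = name, .use_cnt = 1, .registered = true, .online = 1 };
    cached = NULL; warn_count = 0;
}
static struct psy_model *model_get_by_name(const char *name) {
    if (!slot.registered || strcmp(slot.name, name) != 0) return NULL;
    slot.use_cnt++;
    return &slot;
}
static void model_put(struct psy_model *psy) { psy->use_cnt--; }
/* As the description says: warn if references remain, then free anyway. */
static void model_unregister(void) {
    if (--slot.use_cnt != 0) warn_count++;
    slot.registered = false; slot.freed = true;
}
/* Before: look up once and keep the pointer. -1 = no charger, -2 = stale object. */
static int get_online_cached(const char *name) {
    if (!cached && !(cached = model_get_by_name(name))) return -1;
    return cached->freed ? -2 : cached->online;  /* -2: use-after-free in the kernel */
}
/* After: hold the reference only inside the call (a race window remains there). */
static int get_online_scoped(const char *name) {
    struct psy_model *psy = model_get_by_name(name);
    if (!psy) return -1;
    int online = psy->online;
    model_put(psy);
    return online;
}
static int run(int (*get_online)(const char *)) {  /* query, unregister, query again */
    model_register("charger");
    get_online("charger");
    model_unregister();
    return get_online("charger");
}
int main(void) {
    int a = run(get_online_cached), wa = warn_count, b = run(get_online_scoped);
    printf("cached: %d (warns %d)  scoped: %d (warns %d)\n", a, wa, b, warn_count);
    return 0;
}
```

With the cached reference, unregistering fires the modelled warning and the next query touches the stale object; with the scoped reference, unregistering is clean and the next query simply finds no charger.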

Potential Impact

For European organizations, the primary impact of CVE-2024-35986 is the potential for local denial-of-service (DoS) conditions on Linux systems using the affected ti tusb1210 charger detection driver. This could lead to kernel crashes and system instability, particularly on embedded or specialized Linux devices that rely on this driver for power management. While the vulnerability does not directly compromise confidentiality or integrity, availability disruptions can affect critical infrastructure, industrial control systems, or embedded devices used in sectors such as manufacturing, telecommunications, or transportation. Organizations with development or testing environments where kernel modules are frequently loaded and unloaded may also experience increased risk of crashes. Since exploitation requires local access and some privilege, the threat is more relevant in environments where attackers or malicious insiders can gain such access. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system stability and prevent potential escalation scenarios.

Mitigation Recommendations

European organizations should apply the official Linux kernel patches that address CVE-2024-35986 as soon as they become available. Specifically, updating to a kernel version that includes the fix for the tusb1210 charger-detect driver is critical. For environments where immediate patching is not feasible, organizations should restrict local access to systems running affected kernels, enforce strict privilege separation, and monitor for unusual kernel warnings or crashes related to power_supply devices. Developers and system administrators should avoid manually removing charger chip drivers (rmmod) on production systems to reduce the risk of triggering this issue. Additionally, organizations should audit their device inventory to identify systems using the ti tusb1210 driver and prioritize patching those devices. Implementing kernel crash monitoring and automated alerting can help detect exploitation attempts or system instability early. Finally, maintaining robust local access controls and endpoint security measures will reduce the likelihood of an attacker gaining the necessary privileges to exploit this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.145Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe23a0

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 8:56:34 AM

Last updated: 7/30/2025, 6:15:57 PM
