CVE-2024-35987: Vulnerability in Linux Linux

Medium
Published: Mon May 20 2024 (05/20/2024, 09:47:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: Fix loading 64-bit NOMMU kernels past the start of RAM

commit 3335068f8721 ("riscv: Use PUD/P4D/PGD pages for the linear mapping") added logic to allow using RAM below the kernel load address. However, this does not work for NOMMU, where PAGE_OFFSET is fixed to the kernel load address. Since that range of memory corresponds to PFNs below ARCH_PFN_OFFSET, mm initialization runs off the beginning of mem_map and corrupts adjacent kernel memory. Fix this by restoring the previous behavior for NOMMU kernels.

AI-Powered Analysis

Last updated: 06/29/2025, 08:56:43 UTC

Technical Analysis

CVE-2024-35987 is a Linux kernel vulnerability affecting 64-bit NOMMU (no memory management unit) kernels on the RISC-V architecture. Commit 3335068f8721 ("riscv: Use PUD/P4D/PGD pages for the linear mapping") introduced logic that allows the kernel to use RAM below its load address. That logic does not work for NOMMU kernels, where PAGE_OFFSET is fixed to the kernel load address: the memory below the load address corresponds to page frame numbers (PFNs) below ARCH_PFN_OFFSET, so memory management (mm) initialization runs off the beginning of the mem_map array and corrupts adjacent kernel memory. The fix restores the previous behavior for NOMMU kernels.

This is a kernel-level memory corruption issue that could lead to system instability or crashes. It affects only 64-bit NOMMU kernels on RISC-V, which are less common than Linux deployments on x86 or ARM. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
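The index arithmetic behind "runs off the beginning of mem_map" can be checked for a given board layout with the small model below. It is an added example, not kernel source or code from the fix: it assumes a flat mem_map indexed by pfn - ARCH_PFN_OFFSET with ARCH_PFN_OFFSET derived from the kernel load address, models the restored behavior as ignoring RAM below that address, and uses hypothetical names and constructed addresses.

```c
/* Simplified model, not kernel source. Addresses are constructed samples. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12   /* 4 KiB pages */

struct layout {
    uint64_t ram_base;      /* lowest physical address of RAM */
    uint64_t kernel_load;   /* NOMMU: PAGE_OFFSET is fixed to this address */
};

/* Flat mem_map: slot = pfn - ARCH_PFN_OFFSET. Negative means "before mem_map[0]". */
static int64_t mem_map_index(const struct layout *l, uint64_t pfn)
{
    uint64_t arch_pfn_offset = l->kernel_load >> PAGE_SHIFT;
    return (int64_t)pfn - (int64_t)arch_pfn_offset;
}

/* Lowest PFN handed to mm initialization.
 * restored == 0: RAM below the kernel load address is used (the regression).
 * restored == 1: previous NOMMU behavior, modeled as ignoring that RAM. */
static uint64_t first_managed_pfn(const struct layout *l, int restored)
{
    uint64_t start = l->ram_base;
    if (restored && start < l->kernel_load)
        start = l->kernel_load;
    return start >> PAGE_SHIFT;
}

/* How many struct page slots would be touched below the start of mem_map. */
static uint64_t slots_before_mem_map(const struct layout *l, int restored)
{
    int64_t idx = mem_map_index(l, first_managed_pfn(l, restored));
    return idx < 0 ? (uint64_t)-idx : 0;
}

int main(void)
{
    /* Constructed layout: RAM at 0x80000000, kernel loaded 2 MiB above it. */
    struct layout l = { 0x80000000ULL, 0x80200000ULL };
    printf("lowest RAM PFN maps to mem_map[%lld]\n",
           (long long)mem_map_index(&l, first_managed_pfn(&l, 0)));
    printf("slots before mem_map: regression=%llu restored=%llu\n",
           (unsigned long long)slots_before_mem_map(&l, 0),
           (unsigned long long)slots_before_mem_map(&l, 1));
    return 0;
}
```

A layout where the kernel is loaded exactly at the start of RAM yields zero in both cases, which is why the problem only appears when loading past the start of RAM.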

Potential Impact

For European organizations, the impact of CVE-2024-35987 is likely limited due to the niche nature of the affected environment—64-bit NOMMU Linux kernels on RISC-V architectures. Most enterprise Linux deployments in Europe run on x86_64 or ARM architectures with MMU enabled, making this vulnerability less relevant to mainstream server or desktop environments. However, organizations involved in embedded systems, IoT devices, or specialized industrial applications using RISC-V NOMMU kernels could be at risk. Exploitation could lead to kernel memory corruption, causing system crashes, denial of service, or potentially enabling privilege escalation if attackers can leverage the memory corruption to execute arbitrary code. Given the absence of known exploits and the technical complexity of the environment, the immediate risk is low for most European enterprises. Nonetheless, sectors such as manufacturing, automotive, or telecommunications that are early adopters of RISC-V embedded Linux systems should be vigilant. Additionally, research institutions or companies developing RISC-V based hardware and software in Europe may need to prioritize patching to maintain system integrity and stability.

Mitigation Recommendations

To mitigate CVE-2024-35987, organizations using affected Linux kernels on RISC-V NOMMU platforms should apply the patch that restores the previous memory mapping behavior for NOMMU kernels. Because the vulnerability was introduced by a specific kernel commit, the critical step is to update to a kernel version that includes the fix. Embedded and IoT device manufacturers should integrate the patched kernel into firmware updates and push those updates to deployed devices. Organizations should also audit their use of RISC-V NOMMU kernels to identify affected systems. Kernel integrity monitoring and system stability checks can help detect early signs of exploitation or memory corruption. Where possible, consider migrating to kernel configurations with MMU enabled or to architectures less susceptible to this issue. Finally, follow Linux kernel maintainer announcements and security advisories for any emerging exploits or additional patches related to this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.145Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe23a8

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 8:56:43 AM

Last updated: 8/1/2025, 3:58:03 PM
