CVE-2024-35995: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Use access_width over bit_width for system memory accesses

To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform.

    SError Interrupt on CPU26, code 0xbe000011 -- SError
    CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1
    Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION
    pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
    pc : cppc_get_perf_caps+0xec/0x410
    lr : cppc_get_perf_caps+0xe8/0x410
    sp : ffff8000155ab730
    x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078
    x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff
    x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000
    x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff
    x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008
    x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006
    x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec
    x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028
    x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff
    x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000
    Kernel panic - not syncing: Asynchronous SError Interrupt
    CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1
    Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION
    Call trace:
     dump_backtrace+0x0/0x1e0
     show_stack+0x24/0x30
     dump_stack_lvl+0x8c/0xb8
     dump_stack+0x18/0x34
     panic+0x16c/0x384
     add_taint+0x0/0xc0
     arm64_serror_panic+0x7c/0x90
     arm64_is_fatal_ras_serror+0x34/0xa4
     do_serror+0x50/0x6c
     el1h_64_error_handler+0x40/0x74
     el1h_64_error+0x7c/0x80
     cppc_get_perf_caps+0xec/0x410
     cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]
     cpufreq_online+0x2dc/0xa30
     cpufreq_add_dev+0xc0/0xd4
     subsys_interface_register+0x134/0x14c
     cpufreq_register_driver+0x1b0/0x354
     cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]
     do_one_initcall+0x50/0x250
     do_init_module+0x60/0x27c
     load_module+0x2300/0x2570
     __do_sys_finit_module+0xa8/0x114
     __arm64_sys_finit_module+0x2c/0x3c
     invoke_syscall+0x78/0x100
     el0_svc_common.constprop.0+0x180/0x1a0
     do_el0_svc+0x84/0xa0
     el0_svc+0x2c/0xc0
     el0t_64_sync_handler+0xa4/0x12c
     el0t_64_sync+0x1a4/0x1a8

Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width.

[ rjw: Subject and changelog edits, comment adjustments ]
AI Analysis
Technical Summary
CVE-2024-35995 is a vulnerability identified in the Linux kernel related to the Advanced Configuration and Power Interface (ACPI) CPPC (Collaborative Processor Performance Control) subsystem. The issue arises from improper handling of system memory accesses where the kernel code incorrectly relies on the bit_width parameter instead of the access_width parameter to determine the size of memory accesses. According to the ACPI 6.3+ specification, bit_width can be any 8-bit value and is not guaranteed to align on a clean 8-bit boundary, which can lead to incorrect memory access calculations. This flaw was discovered on the Cobalt 100 platform and manifests as asynchronous system errors (SError Interrupts) causing kernel panics, specifically observed on ARM64 architectures. The vulnerability can cause system instability and crashes during CPU frequency scaling operations managed by the cppc_cpufreq driver, as the kernel attempts to read or write performance capabilities incorrectly. The root cause is that the kernel code uses bit_width for memory access size calculations instead of access_width, which should be used to correctly shift and mask bits for reading and writing. The fix involves switching to use access_width when available and falling back to bit_width only if access_width is not set, along with additional checks for system memory to avoid misinterpretation of access_width in certain contexts. This vulnerability does not currently have known exploits in the wild and affects Linux kernel versions prior to the patch. It is a low-level kernel bug that can cause denial of service through system crashes but does not directly indicate privilege escalation or arbitrary code execution.
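The access-size rule described above, as a userspace C model added here for illustration; it is not the kernel's code. The struct gas_reg type, the function names, the sample bytes and the fit check are assumptions of this example; the access_width encoding (1 = byte through 4 = qword) follows the ACPI Generic Address Structure.

```c
#include <stdint.h>

/* Constructed userspace model of a system-memory register descriptor. */
struct gas_reg {
    uint8_t bit_width;    /* field width in bits: any 8-bit value */
    uint8_t bit_offset;   /* first bit of the field inside the access unit */
    uint8_t access_width; /* 0 undefined, 1 byte, 2 word, 3 dword, 4 qword */
};
/* Constructed sample: a dword register holding 0x0000A5F0. */
static const uint8_t sample_mem[8] = { 0xF0, 0xA5, 0x00, 0x00 };

/* Little-endian load of 8/16/32/64 bits; any other size is rejected. */
static int load_bits(const uint8_t *mem, unsigned bits, uint64_t *out)
{
    if (bits != 8 && bits != 16 && bits != 32 && bits != 64)
        return -1;
    *out = 0;
    for (unsigned i = 0; i < bits / 8; i++)
        *out |= (uint64_t)mem[i] << (8 * i);
    return (int)bits;
}

/* Before the fix: bit_width is taken as the access size. */
static int read_by_bit_width(const struct gas_reg *r, const uint8_t *mem, uint64_t *val)
{
    return load_bits(mem, r->bit_width, val);
}

/* After the fix: size from access_width (fallback bit_width), then shift and mask. */
static int read_by_access_width(const struct gas_reg *r, const uint8_t *mem, uint64_t *val)
{
    unsigned bits = r->bit_width;

    if (r->access_width > 4)            /* reserved encoding */
        return -1;
    if (r->access_width)
        bits = 8u << (r->access_width - 1);
    /* Model-only check: the field must fit inside the access unit. */
    if (load_bits(mem, bits, val) < 0 || !r->bit_width || r->bit_offset + r->bit_width > bits)
        return -1;
    *val = (*val >> r->bit_offset) & (r->bit_width >= 64 ? ~0ULL : (1ULL << r->bit_width) - 1);
    return (int)bits;
}

int main(void)
{
    struct gas_reg r = { .bit_width = 10, .bit_offset = 4, .access_width = 3 };
    uint64_t v = 0;
    return read_by_bit_width(&r, sample_mem, &v) == -1 && read_by_access_width(&r, sample_mem, &v) == 32 && v == 0x25F ? 0 : 1;
}
```

Both functions return the access size in bits that was issued, or -1. With an 8-bit field inside a dword register, both return the same value, but only the access_width path issues a 32-bit access.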
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions on ARM64 platforms, especially those using ACPI CPPC for CPU frequency scaling. The impact is mainly on system availability due to kernel panics triggered by asynchronous SError interrupts. This can lead to unexpected system reboots or downtime, affecting critical infrastructure, cloud services, and enterprise servers that rely on stable Linux kernel operation. Organizations using ARM64-based servers or embedded systems with Linux kernels prior to the fix may experience service interruptions. While the vulnerability does not appear to allow direct compromise of confidentiality or integrity, the denial of service impact can disrupt business operations, particularly in environments requiring high availability such as financial services, telecommunications, and industrial control systems. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the bug, potentially causing operational disruptions.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to the latest stable versions that include the patch for CVE-2024-35995. Specifically, kernel versions released after May 2024 should be deployed. For environments where immediate patching is not feasible, organizations should monitor system logs for SError interrupts and kernel panics related to cppc_cpufreq or ACPI CPPC operations as early warning signs. Disabling or limiting the use of CPPC CPU frequency scaling on affected ARM64 systems can serve as a temporary workaround to prevent triggering the vulnerability. Additionally, organizations should ensure robust system monitoring and automated reboot mechanisms to minimize downtime impact. Testing kernel updates in staging environments before production rollout is recommended to avoid regressions. Finally, maintaining an inventory of ARM64 Linux systems and their kernel versions will help prioritize patch management efforts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.148Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe23e8
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:10:43 AM
Last updated: 7/31/2025, 3:47:17 PM