CVE-2024-35997: Vulnerability in Linux

High
Published: Mon May 20 2024 (05/20/2024, 09:48:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that.

More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop.

Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up.

Delete this unnecessary flag.

AI-Powered Analysis

Last updated: 06/29/2025, 09:11:04 UTC

Technical Analysis

CVE-2024-35997 is a vulnerability identified in the Linux kernel's Human Interface Device (HID) subsystem, specifically within the i2c-hid driver that manages I2C-based HID devices. The issue arises from the use of the I2C_HID_READ_PENDING flag, which was intended to serialize I2C operations. However, this flag is redundant because the I2C core subsystem already implements its own locking mechanisms. More critically, the presence of this flag can cause a system lock-up. When the flag is set during an I2C transfer (i2c_hid_xfer()), if an interrupt occurs, the interrupt handler (i2c_hid_irq) checks the flag and returns immediately without processing. This leads to the interrupt handler being invoked repeatedly in an infinite loop. Since the interrupt handler runs as a real-time (RT) task, it monopolizes the CPU, preventing the flag-clearing task from executing and resulting in a system lock-up. The fix involves removing this unnecessary flag to prevent the lock-up condition. This vulnerability affects Linux kernel versions identified by the commit hash 4a200c3b9a40242652b5734630bdd0bcf3aca75f and potentially other versions containing the same code pattern. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
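
A user-space C model of the lock-up described above, added here as an illustration; it is not the kernel driver's code. The `struct model`, `simulate()` and `MAX_IRQ_RUNS` names are hypothetical, and the model assumes a level-triggered interrupt line that stays asserted until the device is read.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code. Assumption: the IRQ line is
 * level-triggered and stays asserted until the device is read. */
#define MAX_IRQ_RUNS 1000   /* cap standing in for "forever" */

struct model {
    bool use_pending_flag;  /* true = driver behaviour before the fix */
    bool read_pending;      /* models I2C_HID_READ_PENDING */
    bool line_asserted;     /* device has data, IRQ line held active */
    int  irq_runs;          /* number of handler invocations */
    bool xfer_done;         /* did the transfer task ever resume? */
};

/* Models i2c_hid_irq(): before the fix it bails out while the flag is set. */
static void irq_handler(struct model *m)
{
    m->irq_runs++;
    if (m->use_pending_flag && m->read_pending)
        return;                 /* nothing read: line stays asserted */
    m->line_asserted = false;   /* reading the input report quiets the line */
}

/* Models i2c_hid_xfer() being preempted by the IRQ thread mid-transfer.
 * Returns +runs if the transfer completed, -runs if it was starved. */
static int simulate(bool use_pending_flag)
{
    struct model m = { .use_pending_flag = use_pending_flag };

    if (m.use_pending_flag)
        m.read_pending = true;  /* flag set at the start of the transfer */
    m.line_asserted = true;     /* interrupt arrives before the flag clears */

    /* The RT IRQ thread outranks the transfer task, so the task can
     * only resume once the line is quiet. */
    while (m.line_asserted && m.irq_runs < MAX_IRQ_RUNS)
        irq_handler(&m);

    if (!m.line_asserted) {     /* transfer task finally gets the CPU */
        m.read_pending = false;
        m.xfer_done = true;
    }
    return m.xfer_done ? m.irq_runs : -m.irq_runs;
}

int main(void)
{
    printf("with flag:    %d\n", simulate(true));
    printf("without flag: %d\n", simulate(false));
    return 0;
}
```

A negative result means the handler kept re-running until the cap without the transfer task ever being scheduled, which is the starvation the fix removes.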

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with I2C-HID devices, which are common in laptops, embedded systems, and certain industrial control devices. The lock-up caused by this vulnerability leads to a denial of service (DoS) condition, where affected systems become unresponsive due to the CPU being monopolized by the interrupt handler. This can disrupt critical operations, especially in environments relying on Linux-based infrastructure for user interaction or embedded control. While this vulnerability does not directly lead to data breaches or privilege escalation, the availability impact can be significant in sectors such as manufacturing, healthcare, finance, and public services where Linux systems are prevalent. The lack of requirement for user interaction or authentication to trigger the lock-up increases the risk, especially in environments where devices are exposed to untrusted inputs or peripherals. However, the absence of known exploits and the technical nature of the flaw suggest that exploitation may require specific conditions, limiting widespread impact in the short term.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the removal of the I2C_HID_READ_PENDING flag from the i2c-hid driver. System administrators should audit their Linux systems to identify those running affected kernel versions and assess the presence of I2C-HID devices. For embedded and industrial systems where kernel updates may be challenging, consider isolating vulnerable devices from untrusted networks and limiting physical access to peripherals that could trigger the vulnerability. Monitoring system logs for repeated interrupt handler invocations or unexplained system lock-ups can help detect attempts to exploit this issue. Additionally, organizations should implement robust patch management processes to quickly deploy kernel updates and test them in controlled environments to avoid operational disruptions. Where possible, coordinate with hardware vendors to obtain firmware or driver updates that complement kernel patches. Finally, maintain backups and recovery plans to mitigate the impact of potential denial-of-service incidents.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.148Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe2418

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 9:11:04 AM

Last updated: 7/28/2025, 11:20:41 PM

Views: 14
