CVE-2024-36002: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

dpll: fix dpll_pin_on_pin_register() for multiple parent pins

In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to dpll_pin_on_pin_unregister(..) would cause a call trace, as it tries to use already released registration resources (due to fix introduced in b446631f355e). In this scenario pin was registered twice, so resources are not yet expected to be released until each registered pin/pin pair is unregistered.

Currently, the following crash/call trace is produced when ice driver is removed on the system with installed E810T NIC which includes dpll device:

    WARNING: CPU: 51 PID: 9155 at drivers/dpll/dpll_core.c:809 dpll_pin_ops+0x20/0x30
    RIP: 0010:dpll_pin_ops+0x20/0x30
    Call Trace:
     ? __warn+0x7f/0x130
     ? dpll_pin_ops+0x20/0x30
     dpll_msg_add_pin_freq+0x37/0x1d0
     dpll_cmd_pin_get_one+0x1c0/0x400
     ? __nlmsg_put+0x63/0x80
     dpll_pin_event_send+0x93/0x140
     dpll_pin_on_pin_unregister+0x3f/0x100
     ice_dpll_deinit_pins+0xa1/0x230 [ice]
     ice_remove+0xf1/0x210 [ice]

Fix by adding a parent pointer as a cookie when creating a registration, also when searching for it. For the regular pins pass NULL, this allows to create separated registration for each parent the pin is registered with.
AI Analysis
Technical Summary
CVE-2024-36002 is a vulnerability in the Linux kernel's DPLL (Digital Phase-Locked Loop) subsystem, in the handling of pin registration and unregistration when multiple parent pins are involved. The issue arises in dpll_pin_on_pin_register(), which registers a pin with multiple parent pins belonging to the same DPLL device. Because the registration resources are not tracked separately for each parent, a second call to dpll_pin_on_pin_unregister() attempts to use resources that have already been released, leading to a kernel call trace and potential crash. This manifests notably when the ice network driver is removed on systems equipped with Intel E810T NICs that include a DPLL device; the kernel warning and call trace point at dpll_pin_ops, reached from dpll_pin_on_pin_unregister().

The root cause is that the pin was registered twice without a separate registration context for each parent pin, so the resources were released prematurely. The fix adds a parent pointer as a cookie during registration and lookup, allowing a distinct registration for each parent pin; regular pins pass NULL. This vulnerability affects specific Linux kernel versions identified by their commit hashes and has been publicly disclosed, but currently has no known exploits in the wild. It does not require user interaction but is triggered by driver removal operations involving the affected hardware and kernel subsystem.
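The bookkeeping error and the cookie fix described above, reduced to a user-space C model. This is an added example, not kernel code: the struct and function names and the `keyed` switch are hypothetical, and the table stands in for the kernel's registration list.

```c
#include <stdio.h>

#define MAX_REGS 4

/* Simplified model; cookie is the parent pin (NULL for regular pins). */
struct reg { const void *ops, *priv, *cookie; };
struct pin_ref { int refcount, n; struct reg regs[MAX_REGS]; };

/* keyed == 0: match on (ops, priv) only; keyed == 1: also match the cookie. */
static int reg_find(const struct pin_ref *r, struct reg k, int keyed)
{
    for (int i = 0; i < r->n; i++)
        if (r->regs[i].ops == k.ops && r->regs[i].priv == k.priv &&
            (!keyed || r->regs[i].cookie == k.cookie))
            return i;
    return -1;
}

/* Register: a matching record only bumps the refcount, otherwise add one. */
static int ref_add(struct pin_ref *r, struct reg k, int keyed)
{
    if (reg_find(r, k, keyed) < 0) {
        if (r->n == MAX_REGS) return -1;
        r->regs[r->n++] = k;
    }
    r->refcount++;
    return 0;
}

/* Unregister: drop the matching record; -1 means it was already released. */
static int ref_del(struct pin_ref *r, struct reg k, int keyed)
{
    int i = reg_find(r, k, keyed);
    if (i < 0) return -1;
    r->regs[i] = r->regs[--r->n];
    r->refcount--;
    return 0;
}

/* One pin, two parents on the same device: result of the second unregister. */
static int second_unregister(int keyed)
{
    struct pin_ref r = {0};
    int ops, priv, parent_a, parent_b; /* only their addresses are used */
    struct reg a = { &ops, &priv, &parent_a }, b = { &ops, &priv, &parent_b };
    ref_add(&r, a, keyed);  /* without the cookie, the next call finds this */
    ref_add(&r, b, keyed);  /* record and creates nothing for parent_b */
    ref_del(&r, a, keyed);  /* refcount is still 1 but no record may remain */
    return ref_del(&r, b, keyed);
}

int main(void)
{
    printf("lookup without cookie: %d\n", second_unregister(0));
    printf("lookup with cookie:    %d\n", second_unregister(1));
    return 0;
}
```

With the cookie left out of the lookup, the second unregister finds no registration even though a reference is still held, which is the state in which the kernel emits the warning shown in the trace.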
Potential Impact
For European organizations, this vulnerability primarily threatens systems running affected Linux kernel versions with Intel E810T NICs or similar hardware utilizing the DPLL subsystem. The impact includes potential kernel crashes leading to denial of service (DoS) conditions, which can disrupt critical network infrastructure, especially in data centers, telecommunications, and cloud service providers relying on these NICs. Such disruptions can affect availability of services and may require system reboots, causing downtime and operational impact. While this vulnerability does not directly lead to privilege escalation or data leakage, the instability it causes can be exploited by attackers to degrade service reliability or as part of a larger attack chain. Organizations with high availability requirements or those operating critical infrastructure should be particularly cautious. The lack of known exploits reduces immediate risk, but the presence of a kernel-level bug affecting hardware drivers means that targeted attacks or accidental triggers could cause significant operational issues.
Mitigation Recommendations
European organizations should promptly apply the patch that fixes this vulnerability by updating their Linux kernel to versions that include the fix for CVE-2024-36002. Since the vulnerability is tied to specific hardware (Intel E810T NICs) and the ice driver, organizations should audit their systems to identify affected devices and kernel versions. If immediate patching is not feasible, temporarily avoiding removal or reloading of the ice driver can reduce the risk of triggering the crash. Additionally, monitoring kernel logs for warnings related to dpll_pin_ops or ice driver removal can help detect attempts to exploit or accidentally trigger the issue. For environments where uptime is critical, consider implementing redundancy and failover mechanisms to mitigate potential downtime caused by kernel crashes. Coordination with hardware vendors and Linux distribution maintainers for timely updates and guidance is also recommended. Finally, ensure that system administrators are aware of this vulnerability and trained to handle driver-related issues safely.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.149Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbddcdd
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:27:28 AM
Last updated: 8/6/2025, 9:05:00 AM