CVE-2024-36016: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
  Reason: gsm->len is not used in advanced option mode.
- side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
  Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration.

Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.
AI Analysis
Technical Summary
CVE-2024-36016 is a high-severity vulnerability in the Linux kernel's GSM (Generic Stream Module) tty driver, specifically within the gsm0_receive() function. The vulnerability arises due to improper handling of buffer boundaries when switching between basic and advanced option modes in the n_gsm module. The issue occurs because the gsm->len field, which tracks data length, is not properly reset or validated during mode transitions. An attacker controlling the data sent to the vulnerable system can exploit this by sending frames with data lengths that exceed the allocated buffer size, causing gsm0_receive() to write beyond the bounds of gsm->buf. This out-of-bounds write can lead to memory corruption, potentially allowing an attacker to cause denial of service (kernel crash) or escalate privileges by corrupting kernel memory structures. The fix involves changing the comparison from equality to less-than between gsm->count and gsm->len, and adding upper limit checks against a constant MAX_MRU to prevent memory corruption of gsm->len and gsm->mru. These changes harden the function against malformed input and ensure proper bounds checking. The vulnerability is classified under CWE-125 (Out-of-bounds Read/Write) and has a CVSS v3.1 score of 7.7, indicating high severity. Exploitation requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact affects confidentiality and availability, with no direct integrity impact noted. No known exploits are currently reported in the wild.
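The length bookkeeping the description and summary above refer to, as an added illustrative model written for this page; it is not the kernel's n_gsm code. The model keeps only the state, len, count and mru fields, treats MAX_MRU purely as a named bound (the value 1500 used here is a constructed stand-in, not taken from the kernel), and records an out-of-bounds write in a flag instead of performing it. replay_cve_2024_36016() replays the mode-switch sequence from the description with the original equality test and with the fixed comparison; corrupted_len_overflows() shows what the added MAX_MRU check buys when gsm->len itself is already bad. Function and field names other than gsm->len, gsm->count, gsm->mru, gsm->buf, gsm->state and MAX_MRU are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model for illustration only; NOT the kernel's n_gsm code. */
#define MAX_MRU 1500                 /* constructed stand-in for the kernel constant */

enum gsm_state { GSM_SEARCH, GSM_DATA, GSM_FCS };
enum gsm_encoding { GSM_BASIC_OPT, GSM_ADV_OPT };

struct gsm_mux {
    enum gsm_state state;
    enum gsm_encoding encoding;
    unsigned int mru;                /* user-configured max receive unit */
    unsigned int len;                /* payload length announced by a basic-mode header */
    unsigned int count;              /* payload bytes stored so far */
    uint8_t buf[MAX_MRU];            /* stands in for the allocated gsm->buf */
    unsigned int bad_size;           /* frames dropped for a bad length */
    bool overflow;                   /* set where the real code would write past buf */
};

/* Store one payload byte, recording (instead of performing) an out-of-bounds write. */
static void store_byte(struct gsm_mux *gsm, uint8_t c)
{
    if (gsm->count < MAX_MRU)
        gsm->buf[gsm->count] = c;
    else
        gsm->overflow = true;        /* unguarded write would corrupt memory here */
    gsm->count++;
}

/* Basic-option header: the frame announces its payload length. */
static void basic_header(struct gsm_mux *gsm, unsigned int len, bool hardened)
{
    if (len > gsm->mru || (hardened && len > MAX_MRU)) {
        gsm->bad_size++;
        gsm->state = GSM_SEARCH;
        return;
    }
    gsm->len = len;
    gsm->count = 0;
    gsm->state = GSM_DATA;
}

/* Basic-option data byte: the original ends the frame only when count == len. */
static void basic_data(struct gsm_mux *gsm, uint8_t c, bool hardened)
{
    if (hardened && gsm->count >= MAX_MRU) {   /* upper-limit check added by the fix */
        gsm->bad_size++;
        gsm->state = GSM_SEARCH;
        return;
    }
    store_byte(gsm, c);
    bool done = hardened ? gsm->count >= gsm->len : gsm->count == gsm->len;
    if (done)
        gsm->state = GSM_FCS;
}

/* Advanced-option data byte: there is no length field, so gsm->len is ignored. */
static void adv_data(struct gsm_mux *gsm, uint8_t c, bool hardened)
{
    if (gsm->count > gsm->mru || (hardened && gsm->count >= MAX_MRU)) {
        gsm->bad_size++;
        gsm->state = GSM_SEARCH;
        return;
    }
    store_byte(gsm, c);
}

/* Reconfiguration as described: the encoding changes, state/len/count are not reset. */
static void set_encoding(struct gsm_mux *gsm, enum gsm_encoding enc)
{
    gsm->encoding = enc;
}

static void receive(struct gsm_mux *gsm, uint8_t c, bool hardened)
{
    if (gsm->state != GSM_DATA)
        return;                      /* only the data state matters for this bug */
    if (gsm->encoding == GSM_BASIC_OPT)
        basic_data(gsm, c, hardened);
    else
        adv_data(gsm, c, hardened);
}

/* Replays the sequence from the description; returns true if buf would be overrun. */
bool replay_cve_2024_36016(bool hardened)
{
    struct gsm_mux gsm;
    memset(&gsm, 0, sizeof gsm);
    gsm.mru = 64;                                /* constructed configuration */
    set_encoding(&gsm, GSM_BASIC_OPT);
    basic_header(&gsm, 1, hardened);             /* header announces 1 payload byte */
    set_encoding(&gsm, GSM_ADV_OPT);
    receive(&gsm, 0xAA, hardened);               /* two bytes: count becomes 2 > len */
    receive(&gsm, 0xBB, hardened);
    set_encoding(&gsm, GSM_BASIC_OPT);
    for (int i = 0; i < 2 * MAX_MRU; i++)        /* peer keeps sending */
        receive(&gsm, 0xCC, hardened);
    return gsm.overflow;
}

/* gsm->len already corrupted beyond MAX_MRU: only the added bound stops the write. */
bool corrupted_len_overflows(bool hardened)
{
    struct gsm_mux gsm;
    memset(&gsm, 0, sizeof gsm);
    gsm.mru = 64;
    gsm.state = GSM_DATA;
    gsm.len = 5000;                              /* constructed corrupted length */
    set_encoding(&gsm, GSM_BASIC_OPT);
    for (int i = 0; i < 2000; i++)
        receive(&gsm, 0xDD, hardened);
    return gsm.overflow;
}

int main(void)
{
    printf("replay: original overflows=%d, fixed overflows=%d\n",
           replay_cve_2024_36016(false), replay_cve_2024_36016(true));
    printf("corrupted len: original overflows=%d, fixed overflows=%d\n",
           corrupted_len_overflows(false), corrupted_len_overflows(true));
    return 0;
}
```

With the equality test, the two bytes accepted in advanced mode push count past len, so the basic-mode path never reaches its end-of-frame state and keeps storing; the less-than-or-equal comparison ends the frame on the next byte, and the MAX_MRU bound in the data state is what protects buf when len (or mru) is no longer trustworthy.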
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to those running Linux-based systems with the affected kernel versions, including servers, embedded devices, and network infrastructure. The out-of-bounds write can lead to kernel crashes causing denial of service, which can disrupt critical services and operations. More critically, memory corruption in the kernel space could be leveraged by attackers to escalate privileges, potentially gaining root access and full control over affected systems. This could lead to data breaches, unauthorized access to sensitive information, and disruption of business continuity. Organizations in sectors such as finance, healthcare, telecommunications, and government, which heavily rely on Linux infrastructure, could face operational and reputational damage. Given the local attack vector, the threat is more relevant to environments where untrusted users have local access or where attackers can execute code locally, such as multi-user systems, shared hosting, or compromised endpoints. The lack of a user interaction requirement increases the risk of automated exploitation once local access is achieved.
Mitigation Recommendations
European organizations should prioritize patching affected Linux kernel versions as soon as updates become available from their distribution vendors. Since the vulnerability involves kernel-level code, applying official kernel security patches is the most effective mitigation. In environments where immediate patching is not feasible, organizations should restrict local access to trusted users only, enforce strict access controls, and monitor for unusual kernel crashes or system instability that could indicate exploitation attempts. Employing kernel integrity monitoring and leveraging security modules like SELinux or AppArmor can help limit the impact of potential exploits. Additionally, organizations should audit and harden configurations related to the n_gsm module, disabling it if not required. Network segmentation and endpoint security controls can reduce the risk of attackers gaining local access. Finally, maintain up-to-date intrusion detection and prevention systems capable of detecting anomalous behavior indicative of exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.154Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2496
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 7/3/2025, 12:27:23 AM
Last updated: 8/5/2025, 8:37:50 AM