CVE-2024-36962 is a medium-severity vulnerability in the Linux kernel's network driver for the KS8851 Ethernet controller. The issue arises from improper handling of received network packets (SKBs) within the interrupt request (IRQ) handler. Previously, the driver used local_bh_disable() and local_bh_enable() calls to prevent bottom halves (BHs) from running during the IRQ handler execution, specifically to avoid triggering the net_rx_action() softirq while holding a lock. This approach works when the IRQ handler is protected by a spinlock, as in the KS8851 driver with a Parallel bus interface. However, it fails when the IRQ handler is protected by a mutex, as in the KS8851 driver with an SPI bus interface. The problem is that net_rx_action() can invoke the driver's start_xmit callback, which uses the same lock as the IRQ handler. If netif_rx() is called inside the IRQ handler while holding the lock, it can lead to a deadlock due to an attempt to re-acquire an already held lock, causing the system to hang. The fix removes the local_bh_disable()/local_bh_enable() calls and changes the logic to queue all received SKBs inside the IRQ handler while holding the lock. Once the IRQ handler exits the critical section, it dequeues the SKBs and calls netif_rx() outside the lock. This prevents triggering net_rx_action() while holding the lock, eliminating the deadlock risk. This vulnerability affects specific Linux kernel versions identified by commit hashes and impacts systems using the KS8851 network driver, particularly with SPI bus interfaces. No known exploits are reported in the wild as of the publication date. The CVSS v3.1 score is 6.2 (medium), reflecting a local attack vector, low complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but a high impact on availability due to potential system hangs.

For European organizations, this vulnerability could cause denial-of-service conditions on Linux systems using the KS8851 network driver, especially those with SPI bus interfaces. Such systems might experience hangs or crashes when processing network packets, leading to network outages or degraded service availability. This can affect critical infrastructure, industrial control systems, embedded devices, or network appliances running vulnerable Linux kernels. The impact is availability-focused, with no direct confidentiality or integrity compromise. Organizations relying on affected hardware or custom Linux builds with this driver could face operational disruptions, impacting business continuity and service reliability. The lack of known exploits reduces immediate risk, but the potential for system hangs makes timely patching important to avoid inadvertent denial-of-service scenarios.

European organizations should identify Linux systems using the KS8851 network driver, particularly those with SPI bus interfaces. This can be done by auditing kernel modules and hardware inventories. Applying the official Linux kernel patches that implement the fix for CVE-2024-36962 is the primary mitigation. If immediate patching is not feasible, organizations can consider temporarily disabling the KS8851 driver or isolating affected systems from critical network segments to reduce impact. Monitoring system logs for signs of IRQ handler hangs or network interface stalls can help detect exploitation attempts or manifestation of the issue. For embedded or custom Linux distributions, rebuild kernels with the patched driver version. Network segmentation and redundancy can mitigate availability impacts if a system hang occurs. Avoid running untrusted code or exposing vulnerable systems to untrusted networks to reduce attack surface. Finally, maintain up-to-date kernel versions and subscribe to Linux security advisories for timely updates.