CVE-2024-35996

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35996
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35996.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35996
Downstream
Related
Published
2024-05-20T09:47:59Z
Modified
2025-10-14T16:51:03.669920Z
Summary
cpu: Re-enable CPU mitigations by default for !X86 architectures
Details

In the Linux kernel, the following vulnerability has been resolved:

cpu: Re-enable CPU mitigations by default for !X86 architectures

Rename x86's to CPUMITIGATIONS, define it in generic code, and force it on for all architectures exception x86. A recent commit to turn mitigations off by default if SPECULATIONMITIGATIONS=n kinda sorta missed that "cpumitigations" is completely generic, whereas SPECULATIONMITIGATIONS is x86-specific.

Rename x86's SPECULATIVEMITIGATIONS instead of keeping both and have it select CPUMITIGATIONS, as having two configs for the same thing is unnecessary and confusing. This will also allow x86 to use the knob to manage mitigations that aren't strictly related to speculative execution.

Use another Kconfig to communicate to common code that CPUMITIGATIONS is already defined instead of having x86's menu depend on the common CPUMITIGATIONS. This allows keeping a single point of contact for all of x86's mitigations, and it's not clear that other architectures want to allow disabling mitigations at compile-time.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
30da4180fd768973189dc364648f9c436e57b01d
Fixed
af6d6a923b40bf6471e44067ac61cc5814b48e7f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
70688450dddaf91e12fd4fc625da3297025932c9
Fixed
36b32816fbab267611f073223f1b0b816ec5920f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9c09773917fbb77dff85b433e1e89123fc5fb530
Fixed
38f17d1fbb5bfb56ca1419e2d06376d57a9396f9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2978ee7c973ce81b6e51100ba1e5ae001af624b9
Fixed
8292f4f8dd1b005d0688d726261004f816ef730a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c4a9babdd5d5a41a74269a2e1aa1647b1b4c45bb
Fixed
fd8547ebc187037cc69441a15c1441aeaab80f49
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f337a6a21e2fd67eadea471e93d05dd37baaa9be
Fixed
fe42754b94a42d08cf9501790afc25c4f6a5f631

Affected versions

v5.*

v5.15.156
v5.15.157

v6.*

v6.1.87
v6.1.88
v6.1.89
v6.6.28
v6.6.29
v6.8.7
v6.8.8
v6.9-rc4
v6.9-rc5

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-35996-1f0f3df2",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd8547ebc187037cc69441a15c1441aeaab80f49",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-35996-a023391b",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@36b32816fbab267611f073223f1b0b816ec5920f",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-35996-adb80199",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe42754b94a42d08cf9501790afc25c4f6a5f631",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-35996-b8a840a4",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af6d6a923b40bf6471e44067ac61cc5814b48e7f",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-35996-ce3952d8",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8292f4f8dd1b005d0688d726261004f816ef730a",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-35996-d4799b7a",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18516655363262447658844950427163541188",
                    "248495637070437327040339020188502241330",
                    "183282365910574898861252057802839564846",
                    "292770430680428858424148116498686595032",
                    "48763550140788899962648092307022566061"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f17d1fbb5bfb56ca1419e2d06376d57a9396f9",
            "target": {
                "file": "kernel/cpu.c"
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.156
Fixed
5.15.158
Type
ECOSYSTEM
Events
Introduced
6.1.87
Fixed
6.1.90
Type
ECOSYSTEM
Events
Introduced
6.6.28
Fixed
6.6.30
Type
ECOSYSTEM
Events
Introduced
6.8.7
Fixed
6.8.9