CVE-2024-35836

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35836
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35836.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35836
Downstream
Related
Published
2024-05-17T14:02:27Z
Modified
2025-10-09T07:54:02.748120Z
Summary
dpll: fix pin dump crash for rebound module
Details

In the Linux kernel, the following vulnerability has been resolved:

dpll: fix pin dump crash for rebound module

When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind.

If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9431063ad323ac864750aeba4d304389bc42ca4e
Fixed
5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9431063ad323ac864750aeba4d304389bc42ca4e
Fixed
830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b

Affected versions

v6.*

v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.3