CVE & CISA-KEV Catalog

CVE-2024-35971

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang The ks8851_irq() thread may call ks8851_rx_pkts() in case there are any packets in the MAC FIFO, which calls netif_rx(). This netif_rx() implementation is guarded by local_bh_disable() and local_bh_enable(). The local_bh_enable() may call do_softirq() to run softirqs in case any are pending. One of the softirqs is net_rx_action, which ultimately reaches the driver .start_xmit callback. If that happens, the system hangs. The entire call chain is below: ks8851_start_xmit_par from netdev_start_xmit netdev_start_xmit from dev_hard_start_xmit dev_hard_start_xmit from sch_direct_xmit sch_direct_xmit from __dev_queue_xmit __dev_queue_xmit from __neigh_update __neigh_update from neigh_update neigh_update from arp_process.constprop.0 arp_process.constprop.0 from __netif_receive_skb_one_core __netif_receive_skb_one_core from process_backlog process_backlog from __napi_poll.constprop.0 __napi_poll.constprop.0 from net_rx_action net_rx_action from __do_softirq __do_softirq from call_with_stack call_with_stack from do_softirq do_softirq from __local_bh_enable_ip __local_bh_enable_ip from netif_rx netif_rx from ks8851_irq ks8851_irq from irq_thread_fn irq_thread_fn from irq_thread irq_thread from kthread kthread from ret_from_fork The hang happens because ks8851_irq() first locks a spinlock in ks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...) and with that spinlock locked, calls netif_rx(). Once the execution reaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again which attempts to claim the already locked spinlock again, and the hang happens. Move the do_softirq() call outside of the spinlock protected section of ks8851_irq() by disabling BHs around the entire spinlock protected section of ks8851_irq() handler. Place local_bh_enable() outside of the spinlock protected section, so that it can trigger do_softirq() without the ks8851_par.c ks8851_lock_par() spinlock being held, and safely call ks8851_start_xmit_par() without attempting to lock the already locked spinlock. Since ks8851_irq() is protected by local_bh_disable()/local_bh_enable() now, replace netif_rx() with __netif_rx() which is not duplicating the local_bh_disable()/local_bh_enable() calls.

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.90-1CVE-2024-35971
Fixed in:6.8.9-1CVE-2024-35971
Fixed in:6.8.9-1CVE-2024-35971
linuxUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-awsUbuntu
Fixed in:6.8.0-1011.12USN-6893-3
linux-azureUbuntu
Fixed in:6.8.0-1010.10USN-6893-1
linux-gcpUbuntu
Fixed in:6.8.0-1010.11USN-6893-1
linux-gkeUbuntu
Fixed in:6.8.0-1006.9USN-6893-2
linux-ibmUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-6.8.0-1006-gkeUbuntu
Fixed in:6.8.0-1006.9USN-6893-2
linux-image-6.8.0-1007-intelUbuntu
Fixed in:6.8.0-1007.14USN-6893-1
linux-image-6.8.0-1007-raspiUbuntu
Fixed in:6.8.0-1007.7USN-6893-1
linux-image-6.8.0-1008-ibmUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-6.8.0-1008-oemUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-6.8.0-1008-oracleUbuntu
Fixed in:6.8.0-1008.8USN-6918-1
linux-image-6.8.0-1008-oracle-64kUbuntu
Fixed in:6.8.0-1008.8USN-6918-1
linux-image-6.8.0-1009-nvidiaUbuntu
Fixed in:6.8.0-1009.9USN-6893-2
linux-image-6.8.0-1009-nvidia-64kUbuntu
Fixed in:6.8.0-1009.9USN-6893-2
linux-image-6.8.0-1010-azureUbuntu
Fixed in:6.8.0-1010.10USN-6893-1
linux-image-6.8.0-1010-azure-fdeUbuntu
Fixed in:6.8.0-1010.10USN-6893-1
linux-image-6.8.0-1010-gcpUbuntu
Fixed in:6.8.0-1010.11USN-6893-1
linux-image-6.8.0-1011-awsUbuntu
Fixed in:6.8.0-1011.12USN-6893-3
linux-image-6.8.0-38-genericUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-6.8.0-38-generic-64kUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-6.8.0-38-lowlatencyUbuntu
Fixed in:6.8.0-38.38.1USN-6893-1
linux-image-6.8.0-38-lowlatency-64kUbuntu
Fixed in:6.8.0-38.38.1USN-6893-1
linux-image-awsUbuntu
Fixed in:6.8.0-1011.12USN-6893-3
linux-image-azureUbuntu
Fixed in:6.8.0-1010.10USN-6893-1
linux-image-azure-fdeUbuntu
Fixed in:6.8.0-1010.10USN-6893-1
linux-image-gcpUbuntu
Fixed in:6.8.0-1010.11USN-6893-1
linux-image-genericUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-generic-64kUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-generic-lpaeUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-gkeUbuntu
Fixed in:6.8.0-1006.9USN-6893-2
linux-image-ibmUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-intelUbuntu
Fixed in:6.8.0-1007.14USN-6893-1
linux-image-kvmUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-lowlatencyUbuntu
Fixed in:6.8.0-38.38.1USN-6893-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.8.0-38.38.1USN-6893-1
linux-image-nvidiaUbuntu
Fixed in:6.8.0-1009.9USN-6893-2
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1009.9USN-6893-2
linux-image-oem-24.04Ubuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-oem-24.04aUbuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-image-oracleUbuntu
Fixed in:6.8.0-1008.8USN-6918-1
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1008.8USN-6918-1
linux-image-raspiUbuntu
Fixed in:6.8.0-1007.7USN-6893-1
linux-image-virtualUbuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.8.0-38.38USN-6893-1
linux-intelUbuntu
Fixed in:6.8.0-1007.14USN-6893-1
linux-lowlatencyUbuntu
Fixed in:6.8.0-38.38.1USN-6893-1
linux-nvidiaUbuntu
Fixed in:6.8.0-1009.9USN-6893-2
linux-oem-6.8Ubuntu
Fixed in:6.8.0-1008.8USN-6893-1
linux-oracleUbuntu
Fixed in:6.8.0-1008.8USN-6918-1
linux-raspiUbuntu
Fixed in:6.8.0-1007.7USN-6893-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.21%probability of exploitation in 30 days
12thpercentile

Low risk: more likely to be exploited than 12% of all known CVEs.

References

Related Vulnerabilities

Other CWE-667 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-10072High7.573%-Fix
CVE-2002-1850High7.517%-Fix
CVE-2009-2699High7.514%-Fix
CVE-2004-0174High7.512%--
CVE-2009-4272High7.511%--
CVE-2020-24606High8.65.2%-Fix
Embed a live status badge for CVE-2024-35971
CVE-2024-35971 severity badge

Markdown

[![CVE-2024-35971](https://tridentstack.com/cve/badge/CVE-2024-35971.svg)](https://tridentstack.com/cve/CVE-2024-35971)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-35971"><img src="https://tridentstack.com/cve/badge/CVE-2024-35971.svg" alt="CVE-2024-35971"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-09-24.