Login Sign Up

CVE-2024-35785

7.1 HIGH

📋 TL;DR

A kernel panic vulnerability in the Linux kernel's TEE (Trusted Execution Environment) OP-TEE driver allows local attackers to crash the system by triggering improper error handling during device registration. This affects systems using OP-TEE for trusted computing. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Linux kernel with OP-TEE driver
Versions: Kernel versions containing commit 7269cba53d90 up to patches listed in references
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if OP-TEE is configured and in use. Many systems may not have OP-TEE enabled by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash (kernel panic) leading to denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service through system crash, requiring physical or remote console access to recover.

🟢

If Mitigated

Minimal impact if systems have proper access controls preventing local user exploitation.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could crash systems, but requires specific OP-TEE configuration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger the specific error path in OP-TEE device registration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/4b12ff5edd141926d49c9ace4791adf3a4902fe7

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable OP-TEE module

linux

Prevent loading of vulnerable OP-TEE driver if not required

echo 'blacklist optee' >> /etc/modprobe.d/blacklist.conf
rmmod optee

🧯 If You Can't Patch

  • Restrict local user access to systems using OP-TEE
  • Implement strict access controls and monitoring for systems with OP-TEE enabled

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if OP-TEE module is loaded: 'uname -r' and 'lsmod | grep optee'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable range and OP-TEE module loads without panic

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning 'optee' or 'TEE bus'
  • System crash/reboot logs following OP-TEE operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("optee" OR "TEE bus") AND ("panic" OR "Oops" OR "abort")

📊 Metadata

CVE ID: CVE-2024-35785
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-754
Published: May 17, 2024
Last Updated: January 22, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35785, you might also want to check these:

CVE-2026-24054 10.0

A vulnerability in Kata Containers allows malformed container images with no layers to cause the hos...

Same vulnerability type (CWE-754)
CVE-2021-0211 10.0

This vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows attackers to send specia...

Same vulnerability type (CWE-754)
CVE-2024-3729 9.8

This vulnerability in the Frontend Admin WordPress plugin allows unauthenticated attackers to manipu...

Same vulnerability type (CWE-754)